Archive for November, 2021

Pentaho Business Analytics / Pentaho Business Server 9.1 SQL Injection

Posted by deepcore under exploit (No Respond)

Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added, Pentaho makes an HTTP request to the dashboards editor (/pentaho/api/repos/dashboards/editor) in order to test the connection by executing a test SQL query. However, further examination […]

Opencart 3 Extension TMD Vendor System SQL Injection

Posted by deepcore under exploit (No Respond)

Opencart 3 Extension TMD Vendor System suffers from a remote blind SQL injection vulnerability.

GitLab Unauthenticated Remote ExifTool Command Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user.

[webapps] Payment Terminal 3.1 – 'Multiple' Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

Payment Terminal 3.1 – ‘Multiple’ Cross-Site Scripting (XSS)


[local] 10-Strike Network Inventory Explorer Pro 9.31 – 'srvInventoryWebServer' Unquoted Service Path

Posted by deepcore under Security (No Respond)

10-Strike Network Inventory Explorer Pro 9.31 – ‘srvInventoryWebServer’ Unquoted Service Path


Fuel CMS 1.4.1 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Fuel CMS version 1.4.1 remote code execution exploit. Original discovery of remote code execution in this version is attributed to 0xd0ff9 in July of 2019.

[webapps] Opencart 3 Extension TMD Vendor System – Blind SQL Injection

Posted by deepcore under Security (No Respond)

Opencart 3 Extension TMD Vendor System – Blind SQL Injection

