Strapi CMS 3.0.0-beta.17.4 – Set Password (Unauthenticated) (Metasploit)
>> ARCHIVE: 2022-02
WordPress IP2Location Country Blocker plugin version 2.26.7 suffers from a persistent cross-site scripting vulnerability.
FLAME II MODEM USB suffers from an unquoted service path vulnerability.
This Metasploit module exploits an authentication bypass in Servisnet Tessa, triggered by adding a new sysadmin user. The app.js file, which acts as the backend of the application, is publicly available. By…
This Metasploit module exploits an MQTT credential disclosure vulnerability in Servisnet Tessa. The app.js file, which acts as the backend of the application, is publicly available. By exposing a default value…
WBCE CMS version 1.5.2 authenticated remote code execution exploit.
This Metasploit module exploits privilege escalation in Servisnet Tessa triggered by the add new sysadmin user flow with any user authorization. An API request to “/data-service/users/[userid]” with any low-authority user…
WAGO 750-8xxx PLC versions prior to Firmware 20 Patch 1 (v03.08.08) suffer from denial of service and user enumeration vulnerabilities.
Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross-site request forgery, multiple command injection, and unauthenticated tftp…
Voltage SecureMail Server versions prior to 7.3.0.1 suffer from a business logic bypass vulnerability.