TheJshen contentManagementSystem 1.04 – ‘id’ SQL Injection
>> AUTHOR: deepcore
OpenVPN Private Tunnel 2.8.4 – ‘ovpnagent’ Unquoted Service Path
ownCloud 10.3.0 stable – Cross-Site Request Forgery
Nostromo – Directory Traversal Remote Command Execution (Metasploit)
This Metasploit module exploits a command injection vulnerability in Ajenti versions 2.1.31 and below. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
WMV to AVI MPEG DVD WMV Converter version 4.6.1217 suffers from a denial of service vulnerability.
Citrix StoreFront Server version 7.15 suffers from an XML external entity injection vulnerability.
JavaScriptCore (JSC) GetterSetter suffers from a type confusion vulnerability during DFG compilation.
iSeeQ Hybrid DVR WH-H4 versions 1.03R and 2.0.0.P suffer from an unauthenticated and unauthorized live stream disclosure vulnerability when the get_jpeg script is called.