This Metasploit module exploits a command injection vulnerability in Xymon versions before 4.3.25 which allows authenticated users to execute arbitrary operating system commands as the web server user. When adding…
>> AUTHOR: deepcore
http://www.dft.go.th/Relaz.html notified by M3sicth
MyT Project Management 1.5.1 – User[username] Persistent Cross-Site Scripting
Sahi Pro 8.0.0 – Remote Command Execution
Jenkins Dependency Graph View Plugin 0.13 – Persistent Cross-Site Scripting
Citrix SD-WAN Appliance 10.2.2 – Authentication Bypass / Remote Command Execution
Tenda D301 v2 Modem Router – Persistent Cross-Site Scripting
Microsoft Font Subsetting – DLL Heap Corruption in ComputeFormat4CmapData
Xymon 4.3.25 – useradm Command Execution (Metasploit)
Microsoft DirectWrite / AFDKO suffers from an interpreter stack underflow in OpenType font handling due to missing CHKUFLOW.