Strapi CMS 3.0.0-beta.17.4 – Set Password (Unauthenticated) (Metasploit)
>> AUTHOR: deepcore
Strapi CMS 3.0.0-beta.17.4 – Set Password (Unauthenticated) (Metasploit)
Hotel Reservation System 1.0 – SQLi (Unauthenticated)
FileBrowser 2.17.2 – Cross Site Request Forgery (CSRF) to Remote Code Execution (RCE)
Hospital Management System 4.0 – ‘multiple’ SQL Injection
WordPress Plugin International Sms For Contact Form 7 Integration V1.2 – Cross Site Scripting (XSS)
Wing FTP Server 4.3.8 – Remote Code Execution (RCE) (Authenticated)
WordPress Plugin Simple Job Board 2.9.3 – Local File Inclusion
WordPress IP2Location Country Blocker plugin version 2.26.7 suffers from a persistent cross site scripting vulnerability.
FLAME II MODEM USB suffers from an unquoted service path vulnerability.
This Metasploit module exploits an authentication bypass in Servisnet Tessa, triggered by add new sysadmin user. The app.js is publicly available which acts as the backend of the application. By…