WBCE CMS 1.5.2 – Remote Code Execution (RCE) (Authenticated)
>> AUTHOR: deepcore
WBCE CMS 1.5.2 – Remote Code Execution (RCE) (Authenticated)
FLAME II MODEM USB – Unquoted Service Path
WordPress Plugin IP2Location Country Blocker 2.26.7 – Stored Cross Site Scripting (XSS) (Authenticated)
Servisnet Tessa – Privilege Escalation (Metasploit)
Servisnet Tessa – Add sysAdmin User (Unauthenticated) (Metasploit)
CONTPAQi AdminPAQ version 14.0.0 suffers from an unquoted service path vulnerability.
WordPress 404 to 301 plugin version 2.l0.2 suffers from a remote SQL injection vulnerability.
WordPress Post Grid plugin version 2.1.1 suffers from a cross site scripting vulnerability.
WordPress Product Slider for WooCommerce plugin version 1.13.21 suffers from a cross site scripting vulnerability.
Chamilo LMS version 1.11.14 suffers from a persistent cross site scripting vulnerability.