Mango Automation version 2.6.0 arbitrary SQL query execution cross site request forgery exploit.
>> AUTHOR: deepcore
Mango Automation version 2.6.0 suffers from an information disclosure vulnerability because it contains default configuration for debugging enabled in the ‘/WEB-INF./web.xml’ file (debug=true). An attacker can entice a logged-in user…
Mango Automation version 2.6.0 arbitrary command execution cross site request forgery exploit.
Mango Automation version 2.6.0 file upload and arbitrary JSP code execution cross site request forgery exploit.
Collabtive version 2.0 suffers from an arbitrary file upload vulnerability.
ProjeQtor version 4.5.2 suffers from a remote shell upload vulnerability.
WordPress Appointment Booking Calendar plugin version 1.1.7 suffers from multiple cross site scripting vulnerabilities.
Centreon version 2.6.1 suffers from a remote shell upload vulnerability.
Kaseya Virtual System Administrator – Multiple Vulnerabilities
Ubuntu Apport – Local Privilege Escalation