04.21
ProjeQtOr Project Management System version 10.3.2 suffers from a remote shell upload vulnerability.
This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.
ProjeQtOr Project Management System version 10.3.2 suffers from a remote shell upload vulnerability.
Chitor-CMS version 1.1.2 suffers from a remote SQL injection vulnerability.
FUXA version 1.1.13-1186 suffers from an unauthenticated remote code execution vulnerability.
This Metasploit module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access.
Swagger UI 4.1.3 – User Interface (UI) Misrepresentation of Critical Information
AspEmail v5.6.0.2 – Local Privilege Escalation
Bang Resto v1.0 – Stored Cross-Site Scripting (XSS)
Microsoft Word 16.72.23040900 – Remote Code Execution (RCE)