This Metasploit module exploits an arbitrary file write in Lucee Administrator’s imgProcess.cfm file to execute commands as the Tomcat user.
>> AUTHOR: deepcore
Crime records Management System 1.0 – ‘Multiple’ SQL Injection (Authenticated)
COVID19 Testing Management System 1.0 – ‘Multiple’ SQL Injections
Simple Image Gallery 1.0 – Remote Code Execution (RCE) (Unauthenticated)
crossfire-server 1.9.0 – ‘SetUp()’ Remote Buffer Overflow
Tiny Java Web Server and Servlet Container versions 1.115 and below suffer from a cross site scripting vulnerability.
Firebase’s PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.
CentOS Web Panel version 0.9.8.1081 suffers from a persistent cross site scripting vulnerability.
NetGear D1500 version 1.0.0.21_1.0.1PE suffers from a persistent cross site scripting vulnerability.