GFI Mail Archiver versions 15.1 and below Telerik UI component unauthenticated arbitrary file upload exploit.
>> AUTHOR: deepcore
Apache OFBiz version 17.12.01 exploit that achieves remote command execution via unsafe deserialization of XMLRPC arguments.
WordPress WP Customize Login plugin version 1.1 suffers from a persistent cross-site scripting vulnerability.
Riak runs as an Erlang service configured with a default cookie of riak that allows for remote command execution if not modified before use.
Client Management System version 1.1 suffers from a persistent cross-site scripting vulnerability. This is a variant from the discovery of persistent cross-site scripting in this version originally found…
qdPM version 9.2 discloses the password and connection string for the database in an internet-accessible file.
Moodle 3.9 – Remote Code Execution (RCE) (Authenticated)
CMSuno 1.7 – ‘tgo’ Stored Cross-Site Scripting (XSS) (Authenticated)
GFI Mail Archiver 15.1 – Telerik UI Component Arbitrary File Upload (Unauthenticated)