>> AUTHOR: deepcore

WordPress Mapplic-Lite plugin version 1.0 suffers from a server-side request forgery vulnerability that can be leveraged to commit cross site scripting attacks.

ActivIdentity version 8.2 suffers from an unquoted service path vulnerability.

ELAN Touchpad version 15.2.13.1_X64_WHQL suffers from an unquoted service path vulnerability.

Online Reviewer Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Online Reviewer Management System version 1.0 remote SQL injection exploit that allows for authentication bypass.

Elodea Event Collector version 4.9.3 suffers from an unquoted service path vulnerability.

Hotel And Lodge Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Online Reviewer Management System version 1.0 suffers from a remote shell upload vulnerability.

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin (CVE-2021-26855) and write arbitrary file (CVE-2021-27065) to get the…

This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user…