CuteNews version 2.1.2 Avatar upload remote shell upload exploit. Original discovery of remote shell upload in this version is attributed to Ozkan Mustafa Akkus in April of 2019.
>> AUTHOR: deepcore
Trojan-Dropper.Win32.Delf.p malware suffers from a buffer overflow vulnerability.
VestaCP version 0.9.8 suffers from a cross site request forgery that can be leveraged to add remote ssh access.
Backdoor.Win32.Agent.mzn malware suffers from a buffer overflow vulnerability.
VFS for Git 1.0.21014.1 – ‘GVFS.Service’ Unquoted Service Path
VestaCP 0.9.8 – ‘v_interface’ Add IP Stored XSS
rConfig 3.9.6 – Arbitrary File Upload to Remote Code Execution (Authenticated)
SEO Panel 4.8.0 – ‘order_col’ Blind SQL Injection
Hestia Control Panel 1.3.2 – Arbitrary File Write
GeoGebra CAS Calculator version 6.0.631.0 suffers from a denial of service vulnerability.