>> AUTHOR: deepcore

This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is…

This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the “sortfield” POST parameter of the rpc.php…

nopCommerce Store version 4.30 suffers from a persistent cross site scripting vulnerability.

Apache OpenMeetings version 5.0.0 suffers from a denial of service vulnerability.

OpenCart version 3.0.3.6 suffers from multiple persistent cross site scripting vulnerabilities.

Seowon 130-SLC router version 1.0.11 suffers from a remote code execution vulnerability.

This Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the “/cgi-bin/kerbynet” url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it…

ZTE WLAN router MF253V version 1.0.0B04 suffers from cross site request forgery, hardcoded password, outdated component, and cross site scripting vulnerabilities.