PMB 5.6 – ‘chemin’ Local File Disclosure
>> AUTHOR: deepcore
PMB 5.6 – ‘chemin’ Local File Disclosure
Car Rental Management System 1.0 – Remote Code Execution (Authenticated)
Water Billing System 1.0 – ‘id’ SQL Injection (Authenticated)
KiteService 1.2020.1113.1 – ‘KiteService.exe’ Unquoted Service Path
Cisco 7937G – DoS/Privilege Escalation
Car Rental Management System 1.0 – ‘car_id’ Sql Injection
Pandora FMS 7.0 NG 749 – ‘CG Items’ SQL Injection (Authenticated)
Anuko Time Tracker version 1.19.23.5311 suffers from an implementation flaw where the password reset link can be replayed.
Anuko Time Tracker version 1.19.23.5311 suffers from an implementation flaw where password reset emails can be continuously triggered against unsuspecting users.
This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to…