Car Rental Management System version 1.0 remote SQL injection and shell upload exploit.
>> AUTHOR: deepcore
ShoreTel Conferencing version 19.46.1802.0 suffers from a cross site scripting vulnerability.
Anuko Time Tracker version 1.19.23.5325 suffers from a CSV formula injection vulnerability.
The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to…
This Metasploit module exploits a command injection vulnerability in Metasploit Framework’s msfvenom payload generator when using a crafted APK file as an Android payload template. Affected includes Metasploit Framework versions…
https://www.nakhonmaesotcity.go.th/readme.htm notified by Dijehaji
Customer Support System 1.0 – ‘description’ Stored XSS in The Admin Panel
Customer Support System 1.0 – Cross-Site Request Forgery
Customer Support System 1.0 – ‘username’ Authentication Bypass
CMSUno 1.6.2 – ‘user’ Remote Code Execution (Authenticated)