ManageEngine ADSelfService Plus 6000 unauthenticated remote code execution exploit.
>> AUTHOR: deepcore
vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in python.
Travel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Travel Management System version 1.0 unauthenticated remote code execution exploit.
vBulletin 5.6.2 – ‘widget_tabbedContainer_tab_panel’ Remote Code Execution
CMS Made Simple 2.2.14 – Authenticated Arbitrary File Upload
http://suratpeo.go.th notified by Mr.Z
Fuel CMS 1.4.7 – ‘col’ SQL Injection (Authenticated)
Warehouse Inventory System 1.0 – Cross-Site Request Forgery (Change Admin Password)
ManageEngine ADSelfService Build prior to 6003 – Remote Code Execution (Unauthenticated)