This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component’s unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed…
>> AUTHOR: deepcore
Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in…
Remote Desktop Audit 2.3.0.157 – Buffer Overflow (SEH)
Kartris version 1.6 suffers from an arbitrary file upload vulnerability.
Remote code execution and privilege escalation exploit for Pi-hole versions 4.4 and below.
Pi-hole versions 4.4 and below suffer from a remote code execution vulnerability.
Online AgroCulture Farm Management System version 1.0 suffers from a remote SQL injection vulnerability that leverages the uname parameter.
Victor CMS version 1.0 suffers from a remote SQL injection vulnerability.
CuteNews version 2.1.2 suffers from an arbitrary file deletion vulnerability.
Complaint Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.