ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution.
>> AUTHOR: deepcore
Tiny MySQL suffers from a cross site scripting vulnerability.
Qik Chat version 3.0 for iOS suffers from a command injection vulnerability.
WordPress ChopSlider plugin version 3 suffers from a remote SQL injection vulnerability.
WebTareas version 2.0p8 suffers from a cross site scripting vulnerability.
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability.
WordPress Dosimple theme version 2.0 suffers from a cross site scripting vulnerability.
Creative Zone suffers from a remote SQL injection vulnerability.
The ManageEngine Asset Explorer windows agent suffers form a remote code execution vulnerability. All versions prior to 1.0.29 are affected.
This Metasploit module leverages a trusted file overwrite with a dll hijacking vulnerability to gain SYSTEM-level access on vulnerable Windows 10 x64 targets.