The ZyXEL PK5001Z modem has a hardcoded backdoor admin account that allows escalation to root.
>> CATEGORY: exploit
OctoberCMS version 1.0.426 (Build 426) suffers from a cross site request forgery vulnerability.
Ingenious School Management System version 2.3.0 suffers from a remote SQL injection vulnerability.
US Zip Codes Database suffers from a remote SQL injection vulnerability.
Shareet Photo Sharing Social Network suffers from a remote SQL Injection vulnerability.
Newspaper Magazine and Blog CMS version 1.0 suffers from a remote SQL injection vulnerability.
AROX School ERP PHP Script suffers from a remote SQL injection vulnerability.
Protected Links suffers from a remote SQL injection vulnerability.
Oracle Java SE installs a protocol handler in the registry as “HKEY_CLASSES_ROOTjnlpShellOpenCommandDefault” ‘C:Program FilesJavajre1.8.0_131binjp2launcher.exe” -securejws “%1″‘. This can allow allow an attacker to launch remote jnlp files with little user…
Vir.IT eXplorer Anti-Virus suffers from a privilege escalation vulnerability.