>> CATEGORY: exploit

DuckieTV CMS version 1.1.5 suffers from a local file inclusion vulnerability.

binutils version 2.29.51.20170921 suffers from a read_1_byte heap-based buffer overflow vulnerability.

ASX to MP3 version 3.1.3.7 .m3u buffer overflow exploit.

VX Search Enterprise version 10.1.12 suffers from a buffer overflow vulnerability.

Sync Breeze Enterprise version 10.1.16 GET request SEH overflow exploit.

WordPress Pootie Button plugin version 1.1.1 suffers from a cross site scripting vulnerability.

WordPress PopCash.Net Publisher Code Integration plugin version 1.0 suffers from a cross site scripting vulnerability.

OctoberCMS version 1.0.425 suffers from a stored cross site scripting vulnerability.

X-Cart versions 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 suffer from a PHP code injection vulnerability.

This Metasploit module uploads a jsp payload and executes it.