WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.
WordPress Ad Widget plugin versions 2.10.0 and below suffer from a local file inclusion vulnerability.
This Metasploit module exploits the authentication bypass and command injection vulnerability together. Unauthenticated users can execute a terminal command under the context of the web server user. The specific flaw…
PyroBatchFTP version 3.17 suffers from a local buffer overflow vulnerability.
Utilizing Rancher Server, an attacker can create a docker container with the ‘/’ path mounted with read/write permissions on the host server that is running the docker container. As the…
During a security audit of Magento Community Edition / Open Source and Commerce, cross site request forgery and stored cross site scripting vulnerabilities were discovered that could lead to administrator…
SmartBear SoapUI version 5.3.0 suffers from a remote code execution vulnerability via deserialization.
Unitrends UEB version 9.1 bpserverd remote command execution exploit.
Lansweeper version 6.0.0.63 suffers from a cross site scripting vulnerability.
This is a collection of exploits for the recently-patched win32kfull!bFill vulnerability. Executing the Palette or Bitmap exploit will give you SYSTEM privileges on the affected system. The exploits should work…