WordPress version 4.8.2 lacks an expiration mechanism for activation keys, so a key remains usable indefinitely.
Lansweeper version 6.0.100.29 suffers from an XML external entity injection vulnerability.
Metasploit Pro, Express, Ultimate, and Community suffer from a cross-site request forgery vulnerability.
This Metasploit module leverages a privilege escalation in OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable.
A proof of concept has been released that bypasses the fix for the original finding regarding an incorrect optimization in BytecodeGenerator::emitGetByVal in WebKit JSC.
e2openplugin OpenWebif versions 0.2.9 through 1.2.4 suffer from a code execution vulnerability.
ERS Data System version 1.8.1 suffers from a Java deserialization vulnerability.
Apache Tomcat versions prior to 9.0.1 (Beta), 8.5.23, 8.0.47, and 7.0.8 suffer from a JSP upload bypass vulnerability that allows for remote code execution.
EPESI version 1.8.2 revision 20170830 suffers from a cross-site scripting vulnerability.
Fiberhome AN5506-05-F suffers from a command injection vulnerability.