>> CATEGORY: exploit

Blackcat CMS version 1.2 suffers from a cross site scripting vulnerability.

SimpleRisk version 20170416-001 suffers from multiple cross site scripting vulnerabilities.

Cisco Prime Infrastructure versions 1.1 through 3.1.6 suffer from cross site scripting, XML external entity injection, file disclosure, and remote SQL injection vulnerabilities.

WordPress FormCraft Basic plugin version 1.0.5 suffers from multiple remote SQL injection vulnerabilities.

Eltek SmartPack has backdoor accounts that are disclosed via some json files.

This Metasploit module exploits a command injection vulnerability in NETGEAR DGN2200v1/v2/v3/v4 routers by sending a specially crafted post request with valid login details.

This Metasploit module exploits the command injection vulnerability of Symantec Messaging Gateway product. An authenticated user can execute a terminal command under the context of the web server user which…

This Metasploit module exploits a POST buffer overflow in the Easy File Sharing FTP Server 7.2 software.

Adobe Flash suffers from an image decoding out-of-bounds read vulnerability.

Adobe Flash suffers from an avc edge processing out-of-bounds read vulnerability.