MPEngine MsMpEng in Microsoft Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more suffers from a remotely exploitable type confusion.
>> CATEGORY: exploit
ViMbAdmin version 3.0.15 suffers from multiple cross site request forgery vulnerabilities.
ViMbAdmin version 3.0.15 suffers from multiple cross site scripting vulnerabilities.
CloudBees Jenkins version 2.32.1 suffers from an unauthenticated remote code execution vulnerability.
WordPress Facebook plugin versions 1.0.13 and below suffer from a remote SQL injection vulnerability.
WordPress Spider Event Calendar plugin versions 1.5.49 and below suffer from a remote SQL injection vulnerability.
WordPress WebDorado Gallery plugin versions 1.3.29 and below suffer from a remote SQL injection vulnerability.
This Metasploit module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a terminal command under the context of the web user. login.php endpoint…
WordPress (core) 4.6 suffers from an unauthenticated remote code execution condition via an exploitable version of PHPMailer built-in to WordPress code. Exploitation details provided.
Mura CMS version 7.0.6967 suffers from cross site scripting vulnerabilities.