Itech Multi Vendor Script version 6.49 suffers from multiple remote SQL injection vulnerabilities.
>> CATEGORY: exploit
SlimarUSER Management version 1.0 suffers from a remote SQL injection vulnerability.
WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection proof of concept exploit.
Microsoft Windows 10 SMBv3 tree connect proof of concept exploit.
Ghostscript version 9.20 suffers from a local command execution vulnerability due to trusting unsanitized filenames.
Zoneminder versions 1.29 and 1.30 suffer from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.
WordPress versions 4.7.0 and 4.7.1 unauthenticated content injection and arbitrary code execution exploit.
MailStore versions 9.2 through 10.0.1 suffer from a cross site scripting vulnerability. Additionally, versions 9.0 through 10.0.1 suffer from an open redirection vulnerability.
POSNIC versions prior to 1.03 suffer from a code execution vulnerability when set up to trust data from a compromised mysql instance.
QNAP NVR and NAS devices suffer from multiple overflows. Various makes and models are affected. Full exploitation details provided.