WordPress Elementor versions 3.6.0, 3.6.1, and 3.6.2 suffer from a remote shell upload vulnerability.
>> CATEGORY: exploit
Backdoor.Win32.Loselove malware suffers from a denial of service vulnerability.
WordPress Videos Sync PDF plugin version 1.7.4 suffers from a persistent cross site scripting vulnerability.
Trojan.Win32.TScash.c malware suffers from an insecure permissions vulnerability.
Backdoor.Win32.Hupigon.haqj malware suffers from an unquoted service path vulnerability.
PKP Open Journals System version 3.3 suffers from a cross site scripting vulnerability.
7-Zip version 21.07 suffers from a code execution vulnerability that allows for local privilege escalation.
ManageEngine ADSelfService Plus version 6.1 suffers from a user enumeration vulnerability.
Backdoor.Win32.Psychward.03.a malware suffers from a weak hardcoded password vulnerability.
Responsive Online Blog version 1.0 remote blind boolean-based SQL injection exploit that retrieves usernames and md5 hashes for all site users. Original discovery of the vulnerability is attributed to Eren…