>> CATEGORY: exploit

NASdeluxe NDL-2400r version 2.01.10 suffers from an OS command injection vulnerability.

NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities.

K2 Joomla! extension versions prior to 2.7.1 suffer from a cross site scripting vulnerability.

FortiManager (Series) suffers from a bookmark script insertion vulnerability.

FortiAnalyzer and FortiManager suffer from a client-side cross site scripting vulnerability.

WordPress Yoast SEO plugin versions prior to 3.4.1 suffer from a stored cross site scripting vulnerability.

Joomla Video Flow component versions 1.1.3 through 1.1.5 suffer from a remote SQL injection vulnerability.

This is an exploit against Samsung Security Manager that bypasses the patch in CVE-2015-3435 by exploiting the vulnerability against the client side. This exploit has been tested successfully against IE,…

This Metasploit module exploits the memory corruption vulnerability (CVE-2016-0189) present in the VBScript engine of Internet Explorer 11.

This Metasploit module serves payloads via an SMB server and provides commands to retrieve and execute the generated payloads. Currently supports DLLs and Powershell.