OpenFire versions 3.10.2 through 4.0.1 suffer from cross site request forgery and cross site scripting vulnerabilities. These issues are similar to findings discovered by hyp3rlinx but leverage different pages.
Wrapper classes provided by PrinceXML appear to suffer from command injection vulnerabilities.
Micron CMS version 5.3 suffers from a remote SQL injection vulnerability.
Teampass version 2.1.26 suffers from a remote authenticated file upload vulnerability that may allow for code execution.
IBM BlueMix Cloud suffers from a client-side malicious script insertion vulnerability.
This Metasploit module exploits an SQL injection, auth bypass, file upload, command injection, and privilege escalation in Nagios XI <= 5.2.7 to pop a root shell.
WordPress CodeCanyon Real3D FlipBook plugin version 2.18.8 suffers from unauthenticated file deletion, file upload, and cross site scripting vulnerabilities.
GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.
AWBS version 2.9.6 suffers from remote SQL injection and cross site scripting vulnerabilities.
RS232-NET Converter (JTC-200) suffers from cross site request forgery and weak credential management vulnerabilities along with unauthenticated access over telnet.