The Vulnerability Laboratory Core Research Team discovered a critical remote session vulnerability in the Ladesk Agent online service web-application.
>> CATEGORY: exploit
SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.
WordPress Ultimate Product Catalog plugin version 3.8.6 suffers from a remote shell upload vulnerability.
vPet Engine version 2.1 suffers from remote SQL injection and default backdoor admin account vulnerabilities.
SugarCRM versions 6.5.18 and below suffer from insecure fopen() usage in MySugar::addDashlet that can lead to command injection, cross-site scripting, and server-side request forgery exploitation.
This Metasploit module exploits a file upload vulnerability in Wolf CMS version 0.8.2. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary…
XuezhuLi FileSharing suffers from a path traversal vulnerability.
GetSimple CMS versions 3.3.10 and below suffer from a remote shell upload vulnerability.