Dolibarr CRM versions prior to 3.9.1 suffer from a command injection vulnerability.
Remote admin add cross site request forgery exploit for Quick.Cart.Ext versions 6.7 and below.
Tiki-Wiki CMS’s calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set…
Open-Xchange App Suite versions 7.8.1 and below suffer from an information disclosure vulnerability.
WordPress Contus Video Comments plugin version 1.0 suffers from a remote file upload vulnerability.
This Metasploit module exploits a buffer overflow vulnerability found in the ls command of the PCMAN FTP version 2.0.7 Server.
A default installation of Windows 7/8 can be made to perform an NTLM reflection attack through WebDAV, which allows a local user to elevate privileges to local system.
FinderView suffers from path traversal and cross site scripting vulnerabilities.
XuezhuLi FileSharing suffers from a cross site request forgery vulnerability.
Horsys version 8 suffers from session fixation, user enumeration, cross site scripting, and various other vulnerabilities.