>> CATEGORY: exploit

Microsoft Internet Explorer suffers from a MSHTML!CSVGHelpers::SetAttributeStringAndPointer use-after-free vulnerability.

Mautic version 1.3.0 suffers from cross site request forgery, denial of service, user enumeration, and cross site scripting vulnerabilities.

Xion Audio Player versions 1.5 build 160 and below local proof of concept crash exploit.

WordPress Advanced Video plugin version 1.0 suffers from a local file inclusion vulnerability.

WordPress Scoreme theme suffers from a cross site scripting vulnerability.

PQI Air Pen Express router versions 6W51-0000R2 and 6W51-0000R2XXX suffer from cross site request forgery, cross site scripting, and various other vulnerabilities.

This particular vulnerability makes it possible to force a Stratum Mining Pool to accept “invalid” shares by the thousands for each mining pool round. It is possible to make pure…

This Metasploit module exploits a SEH overflow in the Easy File Sharing FTP server version 7.2.

This Metasploit module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP server version 2.0.7. This requires authentication but by default anonymous credentials are enabled.

ManageEngine Password Manager Pro builds 8.1 through 8.3 suffer from bypass, cross site request forgery, privilege escalation, user enumeration, and cross site scripting vulnerabilities.