>> CATEGORY: exploit

Kaspersky Virtual Keyboard suffers from a path traversal vulnerability.

This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter in the FileUploadServlet…

This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to exploit this…

WordPress Admin Management Xtended plugin version 2.4.0 suffers from a privilege escalation vulnerability.

SAP NetWeaver J2EE engine version 7.40 suffers from a remote SQL injection vulnerability.

A reflected cross site scripting vulnerability was found in synnefoclient for Synnefo IMS 2015. The vulnerability has been discovered in the plan_name parameter on the request to fetch the package…

Joomla Shape 5 MP3 Player version 2.0 suffers from a local file disclosure vulnerability.

Datalife Engine version 9.7 engine/preview.php bindshell exploit that binds a shell to port 4444.

It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. This attack also works…

The attached PEncrypt packed executable causes an OOB write on Avast Server Edition. The attached testcase has the password “infected” to avoid disrupting your mail server.