WBCE CMS version 1.5.2 authenticated remote code execution exploit.
This Metasploit module exploits an MQTT credential disclosure vulnerability in Servisnet Tessa. The app.js is publicly available which acts as the backend of the application. By exposing a default value…
This Metasploit module exploits privilege escalation in Servisnet Tessa triggered by the add new sysadmin user flow with any user authorization. An API request to “/data-service/users/[userid]” with any low-authority user…
Korenix Technology JetWave products JetWave 2212X, JetWave 2212S, JetWave 2212G, JetWave 2311, and JetWave 3220 suffer from unauthenticated device administration, cross site request forgery, multiple command injection, and unauthenticated tftp…
WAGO 750-8xxx PLC versions prior to Firmware 20 Patch 1 (v03.08.08) suffer from denial of service and user enumeration vulnerabilities.
Voltage SecureMail Server versions prior to 7.3.0.1 suffer from a business logic bypass vulnerability.
Shopmetrics Mystery Shopping Software SaaS platform versions before v21-11 suffer from broken access control and cross site scripting vulnerabilities.
Feberr version 12.7 suffers from a remote shell upload vulnerability.
Vivellio version 1.2.1 suffers from a user account enumeration vulnerability.
CONTPAQi AdminPAQ version 14.0.0 suffers from an unquoted service path vulnerability.