PHP Event Calendar Lite Edition suffers from a persistent cross-site scripting vulnerability.
Backdoor.Win32.Jokerdoor malware suffers from a buffer overflow vulnerability.
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. HAWSEC identified that the services userRoleListService and ServiceAction exposed through the…
HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password…
Pentaho allows users to create and manage Data Sources. Users can select a Data Source when creating a Dashboard through the Pentaho User Console. When a Data Source is added,…
Opencart 3 Extension TMD Vendor System suffers from a remote blind SQL injection vulnerability.
This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation…
Fuel CMS version 1.4.1 remote code execution exploit. Original discovery of remote code execution in this version is attributed to 0xd0ff9 in July of 2019.