An HTTP endpoint used by the ManageEngine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote…
WordPress version 5.7 suffers from a Media Library XML external entity injection vulnerability.
Positive Technologies Maxpatrol 8 and Xspider appear to suffer from a denial of service vulnerability.
Church Management System version 1.0 remote shell upload exploit.
Online Food Ordering System version 2.0 remote shell upload exploit.
Budget and Expense Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
T-Soft E-Commerce version 4 suffers from a cross-site request forgery vulnerability.
Church Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Murat Demirci in July of 2021.
This article discusses the CVE-2021-40444 vulnerability and an alternative path that reduces the lines of JS code needed to trigger the issue and does not require CAB archives.