This Metasploit module exploits an arbitrary file write in Lucee Administrator’s imgProcess.cfm file to execute commands as the Tomcat user.
>> CATEGORY: exploit
Tiny Java Web Server and Servlet Container versions 1.115 and below suffer from a cross-site scripting vulnerability.
Firebase’s PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.
CentOS Web Panel version 0.9.8.1081 suffers from a persistent cross-site scripting vulnerability.
NetGear D1500 version 1.0.0.21_1.0.1PE suffers from a persistent cross-site scripting vulnerability.
COMMAX Biometric Access Control System version 1.0.0 suffers from a cross-site scripting vulnerability.
Chrome suffers from a JS object corruption vulnerability in WasmJs::InstallConditionalFeatures.
Simple Water Refilling Station Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Simple Water Refilling Station Management System version 1.0 suffers from a remote shell upload vulnerability.
TastyIgniter version 3.0.7 suffers from a persistent cross-site scripting vulnerability.