Cockpit CMS version 0.11.1 username enumeration and password reset NoSQL injection exploit.
>> CATEGORY: exploit
WordPress LifterLMS plugin version 4.21.1 suffers from an insecure direct object reference vulnerability.
IPCop version 2.1.9 authenticated remote code execution exploit.
WordPress Picture Gallery plugin version 1.4.2 suffers from a persistent cross site scripting vulnerability.
Facebook for Android is vulnerable to a permission issue which allows anyone with physical access to the Android device to accept friend requests without unlocking the phone. Facebook does not…
Simple Library Management System version 1.0 suffers from a remote SQL injection vulnerability.
RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform…
OneNav Beta version 0.9.12 suffers from a persistent cross site scripting vulnerability.
Microsoft Windows suffers from unsafe temporary directory use with the Malicious Software Removal Tool that can lead to elevation of privilege.