Worm.Win32.Ngrbot.abpr malware suffers from an insecure permissions vulnerability.
>> CATEGORY: exploit
Ovidentia version 6 suffers from a remote SQL injection vulnerability.
Moodle version 3.10.3 suffers from a cross site scripting vulnerability.
Dolibarr ERP/CRM version 11.0.4 authenticated file upload restrictions bypass exploit that achieves remote code execution.
Worm.Win32.Ngrbot.acno malware suffers from an insecure permissions vulnerability.
Worm.Win32.Recyl.dp malware suffers from an insecure permissions vulnerability.
Linksys EA7500 version 2.0.8.194281 suffers from a cross site scripting vulnerability due to an old jQuery version.
Backdoor.Win32.DarkKomet.gozu malware suffers from an insecure permissions vulnerability.
Genexis Platinum-4410 version P4410-V2-1.31A suffers from a persistent cross site scripting vulnerability.
This Metasploit module exploits an unauthenticated arbitrary file upload in FortiLogger via an insecure POST request. It has been tested on versions prior to 5.2.0 in Windows 10 Enterprise.