This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin (CVE-2021-26855) and write arbitrary file (CVE-2021-27065) to get the…
>> CATEGORY: exploit
This Metasploit module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user…
WordPress GiveWP plugin version 2.9.7 suffers from a cross site scripting vulnerability.
Winpakpro version 4.8 suffers from multiple unquoted service path vulnerabilities.
CMS Made Simple version 2.2.15 suffers from a remote shell upload vulnerability.
CMS Made Simple version 2.2.15 suffers from a remote SQL injection vulnerability.
Zoom versions 5.4.3 (54779.1115) and 5.5.4 (13142.0301) temporarily shares other application windows not in scope for sharing.
SAPSetup Automatic Workstation Update Service 750 suffers from an unquoted service path vulnerability.
OSAS Traverse Extension 11 suffers from an unquoted service path vulnerability.
WordPress Delightful Downloads Jquery File Tree plugin versions 1.6.6 and below path traversal exploit.