>> CATEGORY: exploit

Responsive E-Learning System version 1.0 suffers from a persistent cross site scripting vulnerability.

Newgen Correspondence Management System (corms) eGov version 12.0 suffers from an insecure direct object reference vulnerability.

WordPress Litespeed Cache plugin version 3.6 suffers from a cross site scripting vulnerability.

WinAVR version 20100110 suffers from an insecure folder permissions vulnerability.

This Metasploit module exploit BITS behavior which tries to connect to the local Windows Remote Management server (WinRM) every times it starts. The module launches a fake WinRM server which…

IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.

Backdoor.Win32.Zombam.k malware suffers from a remote string dereference stack buffer overflow vulnerability.

sar2html version 3.2.1 remote code execution exploit. Original discovery for this vector of attack is attributed to Furkan Kayapinar in August of 2019.

CMS Made Simple version 2.2.15 suffers from an authenticated remote command execution vulnerability.

Subrion CMS version 4.2.1 suffers from a cross site scripting vulnerability. Original discovered of cross site scripting in this version is attributed to Ismail Tasdelen in July of 2018.