WordPress WP-PostRatings plugin version 1.86 suffers from a cross site scripting vulnerability.
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication,…
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id. It is therefore possible to pass in a value to…
Multiple themes from the WordPress Epsilon Framework suffer from an unauthenticated function injection vulnerability that allows for server-side request forgery and denial of service attacks.
10-Strike Network Inventory Explorer Pro version 9.05 SEH buffer overflow exploit.
TerraMaster TOS version 4.2.06 unauthenticated remote code execution exploit.
This Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
Baby Care System version 1.0 suffers from a remote SQL injection vulnerability.
Class Scheduling System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.