SugarCRM version 6.5.18 suffers from a persistent cross site scripting vulnerability.
>> CATEGORY: exploit
Kaa IoT Platform version 1.2.0 suffers from a persistent cross site scripting vulnerability.
AIX version 5.3L /usr/sbin/lquerypv local root privilege escalation exploit.
Froxlor version 0.10.16 suffers from persistent cross site scripting vulnerabilities.
SugarCRM version 6.5.18 suffers from a persistent cross site scripting vulnerability.
WordPress plugin Buddypress version 6.2.0 suffers from a persistent cross site scripting vulnerability.
Artworks Gallery version 1.0 suffers from multiple remote shell upload vulnerabilities.
Anuko Time Tracker version 1.19.23.5311 suffers from an implementation flaw where the password reset link can be replayed.
Anuko Time Tracker version 1.19.23.5311 suffers from an implementation flaw where password reset emails can be continuously triggered against unsuspecting users.
This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to…