This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It…
>> CATEGORY: exploit
This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller’s token before scheduling a job to be run as SYSTEM. You cannot…
MSI Ambient Link Driver version 1.0.0.8 suffers from a local privilege escalation vulnerability.
Joplin version 1.0.245 suffers from a cross site scripting vulnerability that can lead to allowing for remote code execution.
Mida eFramework version 2.8.9 suffers from a remote code execution vulnerability.
Anchor CMS version 0.12.7 suffers from a persistent cross site scripting vulnerability.
BigTree CMS version 4.4.10 suffers from a remote code execution vulnerability.
Simple Online Food Ordering System version 1.0 suffers from a remote SQL injection vulnerability.
Online Food Ordering System version 1.0 suffers from a remote code execution vulnerability.
Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows for remote code execution.