>> CATEGORY: exploit

B-swiss 3 Digital Signage System version 3.6.5 suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused due to the improper verification of uploaded files in index.php…

ForensiTAppxService version 2.2.0.4 suffers from an unquoted service path vulnerability.

This Metasploit module exploits command injection vulnerabilities and an insecure default sudo configuration on VyOS versions 1.0.0 through 1.1.8 to execute arbitrary system commands as root. VyOS features a restricted-shell…

Online Shop Project version 1.0 suffers from a remote SQL injection vulnerability.

Seat Reservation System version 1.0 suffers from a remote SQL injection vulnerability.

BlackCat CMS version 1.3.6 suffers from a cross site request forgery vulnerability.

Mida eFramework version 2.9.0 suffers from having a backdoor access vulnerability.

D-Link DGS-1210-28 suffers from a denial of service vulnerability.

SpamTitan version 7.07 suffers from an authenticated remote code execution vulnerability.

The Navy Federal site at navyfederal.org suffered from a cross site scripting vulnerability.