>> CATEGORY: exploit

Two denial of service exploits for Cisco 7937G versions SIP-1-4-5-7 and below.

vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.

ManageEngine ADSelfService Plus 6000 unauthenticated remote code execution exploit.

vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in python.

Travel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Travel Management System version 1.0 unauthenticated remote code execution exploit.

Tailor Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

CodeMeter version 6.60 suffers from an unquoted service path vulnerability.

Car Rental Management System version 1.0 unauthenticated persistent cross site scripting session harvester exploit.

Online Shopping Alphaware version 1.0 suffers from an insecure direct object reference vulnerability.