This Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the…
Online Course Registration version 1.0 unauthenticated remote code execution exploit.
Vehicle Parking Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities, one of which allows for authentication bypass.
Infor Storefront B2B version 1.0 suffers from a remote SQL injection vulnerability.
Wing FTP Server version 6.3.8 authenticated remote code execution exploit that leverages the web console.
Web Based Online Hotel Booking System version 0.1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Online Farm Management System version 0.1.0 suffers from a persistent cross-site scripting vulnerability.
Various V-SOL OLTs suffer from multiple backdoor issues, hardcoded RSA keys, potential command injection, and insecure management vulnerabilities.
Verint Impact 360 version 15.1 has an issue where the helpURL parameter in wfo/help/help_popup.jsp can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in…
Verint Impact 360 version 15.1 suffers from an open redirection vulnerability.