>> CATEGORY: exploit

SmarterMail 16 suffers from an arbitrary file upload vulnerability.

PHP-Fusion version 9.03.60 PHP object injection to SQL injection pre-authentication exploit.

This Metasploit module will send arbitrary file_paths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges (verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also…

10-Strike Bandwidth Monitor version 3.9 services Svc10StrikeBandMontitor, Svc10StrikeBMWD, and Svc10StrikeBMAgent suffer from unquoted service path vulnerabilities.

This Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Editor.

This Metasploit module exploits a buffer overflow vulnerability in Documalis Free PDF Scanner.

This Metasploit module exploits a shell upload vulnerability in Neon LMS versions prior to 4.9.1.

Frigate Professional version 3.36.0.9 Find Computer local SEH buffer overflow proof of concept exploit.

This proof of concept exploits a pre-authentication remote code execution vulnerability by combining SMBleed with SMBGhost.

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified…