SimplePHPGal version 0.7 suffers from a remote file inclusion vulnerability.
>> CATEGORY: exploit
WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross-site scripting vulnerability.
NEC Electra Elite IPK II WebPro version 01.03.01 suffers from a session enumeration vulnerability.
SaltStack version 3000.1 suffers from a remote code execution vulnerability.
webERP version 4.15.1 suffers from an unauthenticated backup file disclosure vulnerability.
ATutor LMS version 2.2.4 suffers from having a weak password reset hash.
This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation…
This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual…
IBM Data Risk Manager (IDRM) contains three vulnerabilities that can be chained by an unauthenticated attacker to achieve remote code execution as root. The first is an unauthenticated bypass, followed…
xt:Commerce versions 5.4.1, 6.2.1, and 6.2.2 suffer from an improper access control vulnerability. A logged-in customer can create and alter addresses. These addresses are referenced by incrementing IDs. On saving…