>> CATEGORY: exploit

This Metasploit module exploits a flaw where an authenticated user with sufficient administrative rights to manage pollers can use this functionality to execute arbitrary commands remotely. Usually, the miscellaneous commands…

The UADMIN Botnet suffers from a remote SQL injection vulnerability.

Enhanced Multimedia Router version 3.0.4.27 suffers from a cross site request forgery vulnerability.

MiladWorkShop VIP System version 1.0 suffers from a remote SQL injection vulnerability.

PHPKB Multi-Language 9 suffers from an authenticated remote code execution vulnerability.

PHPKB Multi-Language 9 suffers from an authenticated directory traversal vulnerability.

The shared ShaderCache directory can be exploited to create an arbitrary file on the file system leading to elevation of privilege.

PHPKB Multi-Language 9 suffers from an image-upload.php remote authenticated code execution vulnerability.

This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the…

CoronaBlue aka SMBGhost proof of concept exploit for Microsoft Windows 10 (1903/1909) SMB version 3.1.1. This script connects to the target host, and compresses the authentication request with a bad…