>> CATEGORY: exploit

Cross site scripting attacks can be launched against DotNetNuke CMS version 9.5.0 by uploading a malicious XML file.

DotNetNuke CMS version 9.5.0 suffers from file extension check bypass vulnerability that allows for arbitrary file upload.

eLection version 2.0 suffers from a remote SQL injection vulnerability.

DotNetNuke CMS version 9.4.4 suffers from zip split issue where a directory traversal attack can be performed to overwrite files or execute malicious code.

CandidATS version 2.1.0 suffers from a cross site request forgery vulnerability.

Android Binder use-after-free exploit.

ACE SECURITY WiP-90113 HD Camera remote configuration disclosure exploit.

SecuSTATION IPCAM-130 HD Camera remote configuration disclosure exploit.

Revotech I6032B-P POE 1920x1080P 2.0MP outdoor camera remote configuration disclosure exploit.

AMSS++ version 4.31 suffers from a remote SQL injection vulnerability.