Employee Leaves Management System version 2.0 suffers from a cross site request forgery vulnerability.
ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability.
This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko)….
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
WordPress WP Fanzone theme version 3.1 suffers from a remote SQL injection vulnerability.
Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation.
Hospital Management System version 4.0 suffers from a persistent cross site scripting vulnerability in add-patient.php. This version is already known to have persistent cross site scripting issues.
Easy XML Editor version 1.7.8 suffers from an XML external entity injection vulnerability.
Adive Framework version 2.0.8 suffers from a persistent cross site scripting vulnerability.