DAViCal CalDAV Server versions 1.1.8 and below suffer from a reflective cross site scripting vulnerability.
>> CATEGORY: exploit
This Metasploit module exploits vBulletin versions 5.x through 5.5.4 leveraging a remote command execution vulnerability via the widgetConfig[code] parameter in an ajax/render/widget_php routestring POST request.
This is a full browser compromise exploit chain targeting Mozilla Firefox on Windows 64-bit. It uses CVE-2019-9810 for getting code execution in both the content process as well as the…
Proof of concept exploit that demonstrates a Microsoft Windows 10 UAC bypass for all executable files which are autoelevate true.
PRO-7070 Hazir Profesyonel Web Sitesi version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
SpotAuditor version 5.3.2 Base64 local buffer overflow SEH exploit.
Snipe-IT Open Source Asset Management version 4.7.5 suffers from a persistent cross site scripting vulnerability.
Alcatel-Lucent Omnivista 8770 suffers from a remote code execution vulnerability.
Oracle Siebel Sales version 8.1 suffers from a persistent cross site scripting vulnerability.
Microsoft Skype for Business latest versions affected from external service interaction (DNS) vulnerability. A remote attacker could force the vulnerable server to send DNS request to any remote server attacker…