>> CATEGORY: exploit

SSDWLAB version 6.1 suffers from an authentication bypass vulnerability.

Revive Adserver version 4.2 suffers from a code execution vulnerability.

Fronius Solar Inverter Series with software versions below 3.14.1 (HM 1.12.1) suffer from unencrypted communication and path traversal vulnerabilities.

YouPHPTube versions 7.7 and below suffer from a remote SQL injection vulnerability in getChat.json.php.

NSAuditor version 3.1.8.0 suffers from a Name denial of service vulnerability.

NSAuditor version 3.1.8.0 suffers from a Key denial of service vulnerability.

Anviz CrossChex version 4.3.12 suffers from a buffer overflow vulnerability.

Microsoft Visual Studio 2008 Express IDE suffers from an XML external entity injection vulnerability.

Dokuwiki version 2018-04-22b suffers from a username enumeration vulnerability.

This Metasploit module exploits a command injection in Ajenti version 2.1.31. By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.