>> CATEGORY: exploit

Inteno EG200 routers with firmware versions EG200-WU7P1U_ADAMO3.16.4-190226_1650 and below have a JUCI ACL misconfiguration that allows the “user” account to extract the 3DES key via JSON commands to ubus. The…

LastPass suffers from an issue where bypassing do_popupregister() leaks credentials from the previous site.

FTPShell Client version 6.74 suffers from a local buffer overflow denial of service vulnerability.

Folder Lock version 7.7.9 suffers from a denial of service vulnerability.

Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability.

phpMyAdmin version 4.9.0.1 suffers from a cross site request forgery vulnerability.

Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

Opencart version 2.3.0.2 pre-authentication remote command execution exploit.

This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of…

LimeSurvey versions 3.17.13 and below suffer from reflective and persistent cross site scripting vulnerabilities.