>> CATEGORY: exploit

Joomla version 1.5.26 with OrgChart component version 1.0.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

Joomla version 1.5.26 with EstateAgent component version 3.x suffers from a remote SQL injection vulnerability.

openITCOCKPIT version 3.6.1-2 suffers from a cross site request forgery vulnerability.

Plexo Torresoft Alex Torres Software version 2.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a persistent cross site scripting vulnerability.

Django CRM version 0.2.1 suffers from multiple cross site request forgery vulnerabilities.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a cross site request forgery vulnerability.

Webmin version 1.890 (based on 1.920 research) expired remote root exploit.

Nimble Stream versions 3.0.2-2 up to 3.5.4.9 suffer from a directory traversal vulnerability.

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project’s site. Unknown…