Mitel 6869i VoIP Deskphone version 4.2.2032 suffers from an unauthenticated command injection vulnerability.
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the…
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated…
An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname…
A remote vulnerability was discovered on D-Link DIR-600M Wireless N 150 Home Router in multiple respective firmware versions. The vulnerability provides unauthenticated remote access to the router’s WAN configuration page…
MapProxy version 1.11.0 suffers from a cross-site scripting vulnerability.
Linux suffers from use-after-free read vulnerabilities in show_numa_stats().
Open-School version 3.0 and Community Edition 2.3 suffer from a cross-site scripting vulnerability.
Aptana Jaxer version 1.0.3.4547 suffers from a local file inclusion vulnerability.
This Metasploit module exploits a file upload vulnerability in the Baldr malware panel to achieve arbitrary code execution.