PasteShr version 1.6 suffers from multiple remote SQL injection vulnerabilities.
>> CATEGORY: exploit
This Metasploit module exploits a command execution vulnerability in PHP-Fusion versions 9.03.00 and below. It is possible to execute commands in the system with ordinary user authority.
Schneider Electric U.Motion Builder version 1.3.4 suffers from an unauthenticated command injection vulnerability in track_import_export.php.
Alkacon OpenCMS version 10.5.4 suffers from a cross site scripting vulnerability.
Alkacon OpenCMS version 10.5.4 suffers from a CSV injection vulnerability.
WolfCMS version 0.8.3.1 suffers from a cross site scripting vulnerability.
Enghouse Interactive’s CCSP version 7.2.5 suffers from API related XML external entity injection server-side request forgery vulnerabilities.
SpotMSN version 2.4.6 denial of service proof of concept exploit.
WordPress Form Maker plugin version 1.13.3 suffers from a remote SQL injection vulnerability.
DNSS Domain Name Search Software version 2.1.8 denial of service proof of concept exploit.