>> CATEGORY: Security

Intelbras Router RF 301K – ‘DNS Hijacking’ Cross-Site Request Forgery (CSRF)

WordPress Plugin wpDiscuz 7.0.4 – Remote Code Execution (Unauthenticated)

Nsauditor 3.2.3 – Denial of Service (PoC)

Backup Key Recovery 2.2.7 – Denial of Service (PoC)

NBMonitor 1.6.8 – Denial of Service (PoC)

WordPress Plugin wpDiscuz 7.0.4 – Arbitrary File Upload (Unauthenticated)

Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated)

Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated)

IcoFX 2.6 – ‘.ico’ Buffer Overflow SEH + DEP Bypass using JOP

WordPress Plugin Smart Slider-3 3.5.0.8 – ‘name’ Stored Cross-Site Scripting (XSS)