WordPress Plugin Contact Form Builder 1.0.67 – Cross-Site Request Forgery / Local File Inclusion
Linux/ARM – Password-Protected Reverse TCP Shellcode (100 bytes)
LabF nfsAxe 3.7 Ping Client – ‘Host IP’ Buffer Overflow (Direct Ret)
74CMS 5.0.1 – Cross-Site Request Forgery (Add New Admin User)
ManageEngine Applications Manager 14.0 – Authentication Bypass / Remote Command Execution (Metasploit)
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 – Directory Traversal
Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 – XML External Entity Injection
SystemTap 1.3 – MODPROBE_OPTIONS Privilege Escalation (Metasploit)
Atlassian Confluence Widget Connector Macro – Velocity Template Injection (Metasploit)
Evernote 7.9 – Code Execution via Path Traversal