Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/archive endpoint creates an archive of the repository, leveraging…
Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)
Aero CMS v0.0.1 – SQLi
WordPress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS)
WordPress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS)
Teleport v10.1.1 – Remote Code Execution (RCE)
TP-Link Tapo c200 1.1.15 – Remote Code Execution (RCE)
Feehi CMS 2.1.1 – Remote Code Execution (RCE) (Authenticated)
WiFiMouse version 1.8.3.4 suffers from a remote code execution vulnerability.
This Metasploit module utilizes the Unified Remote remote control protocol to type out and deploy a payload. The remote control protocol can be configured to have no passwords, a group…