This Metasploit module exploits an authenticated command injection vulnerability affecting Cisco ASA-X with FirePOWER Services. This exploit is executed through the ASA’s ASDM web server and lands in the FirePower…
WordPress Netroics Blog Posts Grid plugin version 1.0 suffers from a persistent cross site scripting vulnerability.
Apple Security Advisory 2022-08-31-1 – iOS 12.5.6 addresses code execution and out of bounds write vulnerabilities.
Doctor’s Appointment System version 1.0 suffers from a cross site scripting vulnerability in register.php. Original discovery of cross site scripting in this version is attributed to Soham Bakore in February…
Doctor’s Appointment System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Soham Bakore and Nakul Ratti in February…
WordPress Plugin Netroics Blog Posts Grid 1.0 – Stored Cross-Site Scripting (XSS)
WordPress Plugin Testimonial Slider and Showcase 2.2.6 – Stored Cross-Site Scripting (XSS)
Sophos XG115w Firewall 17.0.10 MR-10 – Authentication Bypass
The WordPress Core version 6.0.2 release addresses cross site scripting and remote SQL injection vulnerabilities.
This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low-privileged user (e.g. nobody) to escalate to root. The issue stems from a suid binary that allows…