Simple Subscription Website 1.0 – SQLi Authentication Bypass
Simple Subscription Website 1.0 – SQLi Authentication Bypass
KONGA 0.14.9 – Privilege Escalation
WordPress Plugin Contact Form to Email 1.3.24 – Stored Cross Site Scripting (XSS) (Authenticated)
WordPress Plugin WPSchoolPress 2.1.16 – ‘Multiple’ Cross Site Scripting (XSS)
Mumara Classic versions 2.93 and below suffer from a remote SQL injection vulnerability.
Microsoft MultiPoint Server 2011 version 6.1 Compilation 7601 Service Pack 1 suffers from an RpcEptMapper and Dnschade local privilege escalation vulnerability.
WordPress WP Symposium Pro version 2021.10 suffers from a persistent cross site scripting vulnerability.
Xlight FTP version 3.9.3.1 suffers from a buffer overflow vulnerability.
WordPress AccessPress Social Icons plugin version 1.8.2 suffers from a persistent cross site scripting vulnerability.
This Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the…