Dolibarr ERP/CRM version 11.0.4 authenticated file upload restrictions bypass exploit that achieves remote code execution.
Moodle version 3.10.3 suffers from a cross site scripting vulnerability.
Ovidentia version 6 suffers from a remote SQL injection vulnerability.
Worm.Win32.Recyl.dp malware suffers from an insecure permissions vulnerability.
Worm.Win32.Ngrbot.acno malware suffers from an insecure permissions vulnerability.
Genexis Platinum-4410 version P4410-V2-1.31A suffers from a persistent cross site scripting vulnerability.
Backdoor.Win32.DarkKomet.gozu malware suffers from an insecure permissions vulnerability.
Linksys EA7500 version 2.0.8.194281 suffers from a cross site scripting vulnerability due to an old jQuery version.
This Metasploit module exploits an unauthenticated arbitrary file upload in FortiLogger via an insecure POST request. It has been tested on versions prior to 5.2.0 in Windows 10 Enterprise.
Moodle 3.10.3 – ‘label’ Persistent Cross Site Scripting