VMware vCenter Server version 7.0 unauthenticated arbitrary file upload exploit.
Covid-19 Contact Tracing System version 1.0 suffers from a remote code execution vulnerability.
Online Catering Reservation System version 1.0 suffers from an unauthenticated remote code execution vulnerability.
Trojan-Spy.Win32.Stealer.osh malware suffers from an insecure permissions vulnerability.
Concrete5 version 8.5.4 suffers from a persistent cross site scripting vulnerability.
This Metasploit module exploits an unauthenticated arbitrary file upload via an insecure POST request to Fortilogger. It has been tested on version 4.4.2.2 in Windows 10 Enterprise.
This archive contains all of the 189 exploits added to Packet Storm in February, 2021.
Zen Cart 1.5.7b – Remote Code Execution (Authenticated)
Tiny Tiny RSS – Remote Code Execution
Web Based Quiz System 1.0 – ‘name’ Persistent/Stored Cross-Site Scripting