FrozenNode Laravel-Administrator 4 – Unrestricted File Upload (Authenticated)
FrozenNode Laravel-Administrator 4 – Unrestricted File Upload (Authenticated)
WonderCMS 3.1.3 – ‘uploadFile’ Stored Cross-Site Scripting
Ruckus IoT Controller (Ruckus vRIoT) 1.5.1.0.21 – Remote Code Execution
WordPress Theme Wibar 1.1.8 – ‘Brand Component’ Stored Cross Site Scripting
WordPress Theme Accesspress Social Icons 1.7.9 – SQL injection (Authenticated)
SAP Lumira 1.31 – Stored Cross-Site Scripting
Wondershare Driver Install Service Help version 10.7.1.321 suffers from an unquoted service path vulnerability.
osCommerce version 2.3.4.1 suffers from a persistent cross site scripting vulnerability.
SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.
This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename…