Tag: 0day

[webapps] WordPress Epsilon Framework Multiple Themes – Unauthenticated Function Injection

[webapps] TerraMaster TOS 4.2.06 – Unauthenticated Remote Code Execution (Metasploit)

[webapps] Baby Care System 1.0 – 'roleid' SQL Injection

[webapps] Victor CMS 1.0 – File Upload To RCE

[webapps] WordPress Plugin W3 Total Cache – Unauthenticated Arbitrary File Read (Metasploit)

[webapps] Pandora FMS 7.0 NG 750 – 'Network Scan' SQL Injection (Authenticated)

[webapps] WordPress Plugin Contact Form 7 5.3.1 – Unrestricted File Upload

[webapps] Queue Management System 4.0.0 – "Add User" Stored XSS

[webapps] Spotweb 1.4.9 – 'search' SQL Injection

[webapps] Academy-LMS 4.3 – Stored XSS