Tag: 0day

[webapps] Live Call Support Widget 1.5 – Remote Code Execution / SQL Injection

[webapps] Live Call Support Widget 1.5 – Cross-Site Request Forgery (Add Admin)

[remote] Hootoo HT-05 – Remote Code Execution (Metasploit)

[local] xorg-x11-server < 1.20.3 – Local Privilege Escalation (Solaris 11 inittab)

[webapps] Find a Place CMS Directory 1.5 – SQL Injection

[webapps] Craigs Classified Ads CMS Theme 1.0.2 – SQL Injection

[webapps] Lenovo R2105 – Cross-Site Request Forgery (Command Execution)

[webapps] Cleanto 5.0 – SQL Injection

[webapps] Hucart CMS 5.7.4 – Cross-Site Request Forgery (Add Administrator Account)

[webapps] HealthNode Hospital Management System 1.0 – SQL Injection