Security Vulnerabilities & Exploits

[webapps] SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)

The Exploit Database - 17 November, 2021 - 01:00
SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)

[webapps] Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)

The Exploit Database - 17 November, 2021 - 01:00
Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)

[webapps] Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)

The Exploit Database - 17 November, 2021 - 01:00
Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)

[webapps] CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS)

The Exploit Database - 16 November, 2021 - 01:00
CMDBuild 3.3.2 - 'Multiple' Cross Site Scripting (XSS)

[webapps] Online Learning System 2.0 - Remote Code Execution (RCE)

The Exploit Database - 16 November, 2021 - 01:00
Online Learning System 2.0 - Remote Code Execution (RCE)

[webapps] PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)

The Exploit Database - 15 November, 2021 - 01:00
PHP Laravel 8.70.1 - Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)

[webapps] WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)

The Exploit Database - 15 November, 2021 - 01:00
WordPress Plugin Contact Form to Email 1.3.24 - Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)

The Exploit Database - 15 November, 2021 - 01:00
Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated)

[webapps] Simple Subscription Website 1.0 - SQLi Authentication Bypass

The Exploit Database - 15 November, 2021 - 01:00
Simple Subscription Website 1.0 - SQLi Authentication Bypass

[webapps] KONGA 0.14.9 - Privilege Escalation

The Exploit Database - 15 November, 2021 - 01:00
KONGA 0.14.9 - Privilege Escalation

[webapps] WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting (XSS)

The Exploit Database - 15 November, 2021 - 01:00
WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting (XSS)

[webapps] Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)

The Exploit Database - 12 November, 2021 - 01:00
Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)

[local] Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation

The Exploit Database - 12 November, 2021 - 01:00
Windows MultiPoint Server 2011 SP1 - RpcEptMapper and Dnschade Local Privilege Escalation

[dos] Xlight FTP 3.9.3.1 - Buffer Overflow (PoC)

The Exploit Database - 12 November, 2021 - 01:00
Xlight FTP 3.9.3.1 - Buffer Overflow (PoC)

[webapps] WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS)

The Exploit Database - 12 November, 2021 - 01:00
WordPress Plugin AccessPress Social Icons 1.8.2 - 'icon title' Stored Cross-Site Scripting (XSS)

[webapps] WordPress Plugin WP Symposium Pro 2021.10 - 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS)

The Exploit Database - 12 November, 2021 - 01:00
WordPress Plugin WP Symposium Pro 2021.10 - 'wps_admin_forum_add_name' Stored Cross-Site Scripting (XSS)

DSA-5009 tomcat9

Debian.org [Security] - 12 November, 2021 - 00:00
security update

[webapps] FormaLMS 2.4.4 - Authentication Bypass

The Exploit Database - 11 November, 2021 - 01:00
FormaLMS 2.4.4 - Authentication Bypass

[webapps] Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)

The Exploit Database - 11 November, 2021 - 01:00
Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)