Sellacious eCommerce Shop suffers from a persistent cross-site scripting vulnerability.
196ab4b61f5e94a2f03aa875f07eba9b1953c199d6022d1281f851d7e3335a34
Tryton version 5.4 suffers from a persistent cross-site scripting vulnerability.
4c96fa3580b6561a60b15f2a32d8b9788f1fa4ce3f568b13baef2a4e31f1a2c9
Remote Desktop Audit version 2.3.0.157 suffers from a buffer overflow vulnerability.
a873dd3a0f2c89613633590531ec9153a6c1897d765684d348e6738c5e833244
Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).
12e3b974b7cb427087439bf5f922afb373bca8c3346525b183f6422b28801319
This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs. Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has been confirmed exploitable.
dcae513897070a9218f0bedaca27c407e24184902dfdcf5421907f51081acf14
This Metasploit module exploits unauthenticated access to the runner() and _send_pub() methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager versions 7.5.0 through 8.1.0 are known to be affected by the Salt vulnerabilities. Tested against SaltStack Salt 2019.2.3 and 3000.1 on Ubuntu 18.04, as well as Vulhub's Docker image.
8a5e7d31040e1c21ab99f881d936f3d17aadab8f8786980255feab1b1b628534
Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.
5e0cb4cf3dda82ee681cc340b6ee9c3fd167c5e730a49ac40effd6914c779db6
Adobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.
10f9d909a875c4ab314d16a0b9077d0dc02afff41825b02a198cf4fd6e780afd
LanSend version 3.2 suffers from a buffer overflow vulnerability.
aea9ad2b46bc92ead403dc4a49108f5c7b285ef6a058e44d905615a2e913ba0f
qdPM version 9.1 suffers from an arbitrary file upload vulnerability.
29677c9aeba89af9fcf295f75937caccf52029e7fa9463e55173aedd624ed875
Cisco Digital Network Architecture Center version 1.3.1.4 suffers from a persistent cross-site scripting vulnerability.
b79e78cd34f779177fdeb2527036085286faae53fc72ed9b3b21853e608b7b38
CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.
1bf71f9d33300d7dc2cc4132c6b15db181f3b4df8f6712432611c28b8929c56a
macOS 320.whatis Script suffers from a privilege escalation vulnerability.
e578f65b68fcf2548e910793e37c196e060d6250ff94cec53221209d10a3ca20
TylerTech Eagle version 2018.3.11 suffers from a remote code execution vulnerability.
966770ccb06e6f9e5ff875bbd6fc8578e03727384a0fee39d60912d09e63779b
WordPress ChopSlider3 plugin version 3.4 suffers from a remote SQL injection vulnerability.
cfc7ba3799b36c678dc3edc35d0a5f83e09a6b543c87ba67384476ee4398aafa
Orchard Core version RC1 suffers from a persistent cross-site scripting vulnerability.
72a8a68f1801a2b8f14ac871496aa71b35ce4dcde4dcdf45516856143cc7c333
Chrome suffers from a Typer::Visitor::TypeInductionVariablePhi type inference issue.
97541b515f1146557567913a8db64be5813d2b15b948ea1105c9e3337c28233a
LibreNMS version 1.46 suffers from a remote SQL injection vulnerability.
1925a6d2f57f543b740400ab21ad9ed57e19ccefe92a7f9e83906f831716b8b6
Complaint Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
35d2440e75b29d83a0dc93efd0b52bb8c57d111f48e476305cfc5e54be780362
CuteNews version 2.1.2 suffers from an arbitrary file deletion vulnerability.
37c5678fdbbbfaf9881b385d209475aaecc9505027b0b083c1f4c986bfdb3f5c
Victor CMS version 1.0 suffers from a remote SQL injection vulnerability.
e097b919f522cb4207e78c3be4ec2486e33cb823cd9a4dc313b72d15f034f71d
Online AgroCulture Farm Management System version 1.0 suffers from a remote SQL injection vulnerability that leverages the uname parameter.
0b7382ff7d0d2dda843490019b9f07be87c98f317b10819dc149aaff71db39f2
Remote code execution and privilege escalation exploit for Pi-hole versions 4.4 and below.
24dbec0272280c917c4f6f1294f5d251879231087642729ccdd7a1b727a27cff
Pi-hole versions 4.4 and below suffer from a remote code execution vulnerability.
c400406dcb79630cf4da18e7a41e5e507d3715a4c57d6150947c2924a9d53b97
Kartris version 1.6 suffers from an arbitrary file upload vulnerability.
1893df3860645717ed77b36829cd27018d61135d550260a8e7b0722461344c66