Apache HTTP Server 2.4.50 Remote Code Execution
This is another variant of the Apache HTTP server version 2.4.50 remote code execution exploit.
View ArticleZyxel USG FLEX 5.21 Command Injection
Zyxel USG FLEX version 5.21 suffers from a command injection vulnerability.
View ArticleWordPress Royal Elementor Addons And Templates Remote Shell Upload
WordPress Royal Elementor Addons and Templates plugin versions prior to 1.3.79 suffer from a remote shell upload vulnerability.
View ArticleSplunk XSLT Upload Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a...
View ArticleMajorDoMo Remote Code Execution
MajorDoMo versions prior to 0662e5e suffer from an unauthenticated remote code execution vulnerability.
View ArticleVinchin Backup And Recovery Command Injection
This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.*. Due to insufficient input validation in the checkIpExists API...
View ArticleWordPress Backup Migration 1.3.7 Remote Command Execution
This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the...
View ArticleMajorDoMo Command Injection
This Metasploit module exploits a command injection vulnerability in MajorDoMo versions before 0662e5e.
View ArticleVinchin Backup And Recovery 7.2 setNetworkCardInfo Command Injection
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the setNetworkCardInfo function.
View ArticleVinchin Backup And Recovery 7.2 syncNtpTime Command Injection
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in the syncNtpTime function.
View ArticleVinchin Backup And Recovery 7.2 Default MySQL Credentials
A critical security issue has been discovered in Vinchin Backup and Recovery version 7.2. The software has been found to use default MYSQL credentials, which could lead to significant security risks.
View ArticleVinchin Backup And Recovery 7.2 Default Root Credentials
Vinchin Backup and Recovery version 7.2 has been identified as being configured with default root credentials, posing a significant security vulnerability.
View ArticleVinchin Backup And Recovery 7.2 SystemHandler.class.php Command Injection
Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php.
View ArticleVinchin Backup And Recovery 7.2 Command Injection
Vinchin Backup and Recovery versions 7.2 and below suffer from an authentication command injection vulnerability.
View ArticleWordPress Bricks Builder Theme 1.9.6 Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute...
View ArticleDerbyNet 9.0 render-document.php Cross Site Scripting
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in render-document.php.
View ArticleDerbyNet 9.0 photo.php Cross Site Scripting
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.
View ArticleDerbyNet 9.0 checkin.php Cross Site Scripting
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.
View ArticleDerbyNet 9.0 photo-thumbs.php Cross Site Scripting
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.
View ArticleDerbyNet 9.0 inc/kisosks.inc Cross Site Scripting
DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.
View Article