Edimax EW-7438RPn suffers from a cross site request forgery vulnerability.

Complaint Management System version 4.2 suffers from a cross site request forgery vulnerability.

Maian Support Helpdesk version 4.3 suffers from a cross site request forgery vulnerability.

ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.

DCNM exposes a file upload servlet (FileUploadServlet) at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication bypass on versions 10.4(2) and below, and CVE-2019-1622 (information disclosure) to obtain the correct directory for the WAR file upload. This module was tested on the DCNM Linux virtual appliance 10.4(2), 11.0(1) and 11.1(1), and should work on a few versions below 10.4(2). Only version 11.0(1) requires authentication to exploit (see References to understand why).

Joomla GMapFP component version 3.30 suffers from an arbitrary file upload vulnerability.

Qik Chat version 3.0 for iOS suffers from a command injection vulnerability.

Horde Groupware Webmail Edition version 5.2.22 suffers from a PHP file inclusion vulnerability.

PHPKB Multi-Language 9 suffers from an image-upload.php remote authenticated code execution vulnerability.

rConfig version 3.9.4 suffers from a search.crud.php remote command injection vulnerability.

Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set.

Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set.

52 bytes small Win32/XP SP3 windows magnifier shellcode.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.836 suffers from a remote command execution vulnerability.

This Metasploit module exploits an unauthenticated command injection vulnerability in rConfig versions 3.9.2 and prior. The install directory is not automatically removed after installation, allowing unauthenticated users to execute arbitrary commands via the ajaxServerSettingsChk.php file as the web server user. This module has been tested successfully on rConfig version 3.9.2 on CentOS 7.7.1908 (x64).

Magento WooCommerce CardGate Payment Gateway version 2.0.30 suffers from a payment process bypass vulnerability.

Ivanti Workspace Manager versions prior to 10.3.90 suffer from a bypass vulnerability.

ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability.

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

TP-LINK Cloud Cameras including products NC260 and NC450 suffer from a command injection vulnerability. The issue is located in the httpSetEncryptKeyRpm method (handler for /setEncryptKey.fcgi) of the ipcamera binary, where the user-controlled EncryptKey parameter is used directly as part of a command line to be executed as root without any input sanitization.

This Metasploit module is an exploit that takes advantage of xglance-bin, part of HP's Glance (or Performance Monitoring) version 11 and subsequent, which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating libraries in this location will result in an escalation of privileges to root.

This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system as the asterisk user. Users can easily elevate their privileges to the root user however by executing sudo nmap --interactive followed by !sh from within nmap.

This Metasploit module abuses a known default password in IBM Data Risk Manager. The a3user has the default password idrm and allows an attacker to log in to the virtual appliance via SSH. This can be escalate to full root access, as a3user has sudo access with the default password. At the time of disclosure, this is a 0day. Versions 2.0.3 and below are confirmed to be affected, and the latest 2.0.6 is most likely affected too.

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.

This Metasploit module exploits a Java Expression Language (EL) injection in Nexus Repository Manager versions up to and including 3.21.1 to execute code as the Nexus user. Tested against 3.21.1-01.