Path Traversal

Erxes is vulnerable to Path Traversal. The vulnerability is due to improper input validation due to insufficient sanitization of file paths in the importHistoriesCreate GraphQL mutation handler, allowing authenticated attackers to write to arbitrary files...

Real Player 16.0.3.51 - 'external::Import()' Directory Traversal to Remote Code Execution (RCE)

Exploit Title: Real Player 16.0.3.51 - 'external::Import' Directory Traversal to Remote Code Execution RCE Google Dork: n/a Date: May 31, 2022 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://real.com/ Software Link: http://real.com/ Version: ver. 16.00.282, 16.0.3.51, Cloud 17.0.9.17,...