This blog is mainly about security but I will add a drone section. The first post is related to my painful and regretful purchased of a Xiro Xplorer V few months ago. Everything went fine at the beginning but not for long…
Read More >>
This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.
This blog is mainly about security but I will add a drone section. The first post is related to my painful and regretful purchased of a Xiro Xplorer V few months ago. Everything went fine at the beginning but not for long…
Read More >>
Sitecore versions 7.1 and 7.2 suffer from a cross site scripting vulnerability.
Vaadin version 7.7.6 suffers from a cross site scripting vulnerability.
PayPal’s Marketing Online Service suffers from a user enumeration vulnerability.
Blackcat CMS version 1.2 suffers from a cross site scripting vulnerability.
SimpleRisk version 20170416-001 suffers from multiple cross site scripting vulnerabilities.
Cisco Prime Infrastructure versions 1.1 through 3.1.6 suffer from cross site scripting, XML external entity injection, file disclosure, and remote SQL injection vulnerabilities.
WordPress FormCraft Basic plugin version 1.0.5 suffers from multiple remote SQL injection vulnerabilities.
Eltek SmartPack has backdoor accounts that are disclosed via some json files.
This Metasploit module exploits a command injection vulnerability in NETGEAR DGN2200v1/v2/v3/v4 routers by sending a specially crafted post request with valid login details.
This Metasploit module exploits the command injection vulnerability of Symantec Messaging Gateway product. An authenticated user can execute a terminal command under the context of the web server user which is root. backupNow.do endpoint takes several user inputs and then pass them to the internal service which is responsible for executing operating system command. One of the user input is being passed to the service without proper validation. That cause an command injection vulnerability. But given parameters, such a SSH ip address, port and credentials are validated before executing terminal command. Thus, you need to configure your own SSH service and set the required parameter during module usage. This Metasploit module was tested against Symantec Messaging Gateway 10.6.2-7.