Archive for September, 2015

My.WiFi USB Drive 1.0 File Inclusion

Posted by deepcore under exploit

My.WiFi USB Drive version 1.0 suffers from a file inclusion vulnerability.

Mango Automation 2.6.0 Add Admin Cross Site Request Forgery

Posted by deepcore under exploit

Mango Automation version 2.6.0 add administrator cross site request forgery exploit.

Mango Automation 2.6.0 SQL Query Cross Site Request Forgery

Posted by deepcore under exploit

Mango Automation version 2.6.0 arbitrary SQL query execution cross site request forgery exploit.

Mango Automation 2.6.0 Unprotected Debug Log View

Posted by deepcore under exploit

Mango Automation version 2.6.0 suffers from an information disclosure vulnerability because debugging is enabled by default in the ‘/WEB-INF./web.xml’ file (debug=true). An attacker can entice a logged-in user to visit a specially crafted URL, which produces a system exception with a stack trace on the Jetty server. When this error occurs, the debug […]

Mango Automation 2.6.0 Command Execution Cross Site Request Forgery

Posted by deepcore under exploit

Mango Automation version 2.6.0 arbitrary command execution cross site request forgery exploit.

Mango Automation 2.6.0 File Upload / Code Execution CSRF

Posted by deepcore under exploit

Mango Automation version 2.6.0 file upload and arbitrary JSP code execution cross site request forgery exploit.

Collabtive 2.0 Shell Upload

Posted by deepcore under exploit

Collabtive version 2.0 suffers from an arbitrary file upload vulnerability.

ProjeQtor 4.5.2 Shell Upload

Posted by deepcore under exploit

ProjeQtor version 4.5.2 suffers from a remote shell upload vulnerability.

WordPress Appointment Booking Calendar 1.1.7 XSS

Posted by deepcore under exploit

WordPress Appointment Booking Calendar plugin version 1.1.7 suffers from multiple cross site scripting vulnerabilities.

Centreon 2.6.1 Shell Upload

Posted by deepcore under exploit

Centreon version 2.6.1 suffers from a remote shell upload vulnerability.