VirIT Explorer Lite / Pro 8.1.68 Privilege Escalation
Posted by deepcore under exploit (No Respond)
VirIT Explorer versions Lite 8.1.68 and Pro 8.1.68 suffers from a local privilege escalation vulnerability.
Archive for May, 2016
Tuninfoforyou 2 / 2.5 Backdoor Account
Posted by deepcore under exploit (No Respond)
Tuninfoforyou versions 2 and 2.5 appear to have a backdoor account of admin/admin.
WordPress Brafton 3.3.10 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress Brafton plugin version 3.3.0 suffers from a cross site scripting vulnerability.
http://r05.ldd.go.th/r05/templates/beez/index.php
Posted by deepcore under Security (No Respond)
http://r05.ldd.go.th/r05/templates/beez/index.php notified by Hmei7
Tags: defacementhttp://bamras.ddc.moph.go.th/by.htm
Posted by deepcore under Security (No Respond)
http://bamras.ddc.moph.go.th/by.htm notified by GeNErAL
Tags: defacementLG NAS N1A1 10119 Access Bypass / Directory Traversal / SQL Injection
Posted by deepcore under exploit (No Respond)
LG NAS N1A1 version 10119 suffers from insecure direct object reference, SQL injection, directory traversal, arbitrary file upload/download, and sensitive information disclosure vulnerabilities. Full proof of concept exploit included.
TYPO3 6.2.19 / 7.6.4 RemoveXSS.php Filter Bypass
Posted by deepcore under exploit (No Respond)
TYPO3 versions 6.2.19 and below and 7.6.4 and below suffer from a cross site scripting filter bypass vulnerability.
SAP NetWeaver AS JAVA 7.5 Information Disclosure
Posted by deepcore under exploit (No Respond)
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from an information disclosure vulnerability.
SAP NetWeaver AS JAVA 7.5 SQL Injection
Posted by deepcore under exploit (No Respond)
SAP NetWeaver AS JAVA versions 7.1 through 7.5 suffer from a remote SQL injection vulnerability.
http://pvlo-sbr.dld.go.th/media/acepolls/i.htm
Posted by deepcore under Security (No Respond)
http://pvlo-sbr.dld.go.th/media/acepolls/i.htm notified by Mr.Kro0oz.305
Tags: defacement