Zabbix 3.0.3 Remote Command Execution
Posted by deepcore under exploit (No Respond)
Zabbix versions 2.2 through 3.0.3 suffer from a remote command execution vulnerability in the JSON-RPC API.
Archive for June, 2016
Apache Continuum 1.4.2 Arbitrary Command Execution
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits a command injection in Apache Continuum versions 1.4.2 and below. By injecting a command into the installation.varValue POST parameter to /continuum/saveInstallation.action, a shell can be spawned.
http://cash.spr.go.th
Posted by deepcore under Security (No Respond)
http://cash.spr.go.th notified by W.A_666
Tags: defacementCM Ad Changer 1.7.7 WP Plugin – Cross Site Vulnerability
Posted by deepcore under exploit (No Respond)
An indepedent vulnerability laboratory researcher discovered a stored cross site scripting web vulnerability in the official CM Ad Changer v1.7.7 WordPress Plugin.
FlashFXP v5.3.0 (Win) – Memory Corruption Vulnerability
Posted by deepcore under exploit (No Respond)
The vulnerability laboratory core research team discovered a local memory corruption vulnerability in the official FlashFXP v5.3.0 windows software.
[webapps] – WordPress Social Stream Plugin 1.5.15 – wp_options Overwrite
Posted by deepcore under Security (No Respond)
[remote] – Apache Continuum Arbitrary Command Execution
Posted by deepcore under Security (No Respond)
http://dmsic.moph.go.th/dmsic//images/
Posted by deepcore under Security (No Respond)
http://dmsic.moph.go.th/dmsic//images/ notified by ZD-0FF
Tags: defacementhttp://tambonbing.go.th/file_editor/cyb3r_dr4in.gif
Posted by deepcore under Security (No Respond)
http://tambonbing.go.th/file_editor/cyb3r_dr4in.gif notified by Ashiyane Digital Security Team
Tags: defacement[webapps] – Grid Gallery 1.0 – Admin Panel Authentication Bypass
Posted by deepcore under Security (No Respond)