Archive for July, 2016

BMW ConnectedDrive – (Update) VIN Session Vulnerability

Posted by deepcore under exploit (No Respond)

No abstract description available.

http://srisawat.kanpho.go.th/Ir.txt

Posted by deepcore under defacement (No Respond)

http://srisawat.kanpho.go.th/Ir.txt notified by Mr.PERSIA

WordPress CodeCanyon Real3D FlipBook 2.18.8 File Deletion / Upload / XSS

Posted by deepcore under exploit (No Respond)

WordPress CodeCanyon Real3D FlipBook plugin version 2.18.8 suffers from unauthenticated file deletion, file upload, and cross site scripting vulnerabilities.

Nagios XI Chained Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an SQL injection, auth bypass, file upload, command injection, and privilege escalation in Nagios XI <= 5.2.7 to pop a root shell.

IBM BlueMix Cloud Script Insertion

Posted by deepcore under exploit (No Respond)

IBM BlueMix Cloud suffers from a client-side malicious script insertion vulnerability.

Teampass 2.1.26 Arbitrary File Upload

Posted by deepcore under exploit (No Respond)

Teampass version 2.1.26 suffers from a remote authenticated file upload vulnerability that may allow for code execution.

Micron CMS 5.3 SQL Injection

Posted by deepcore under exploit (No Respond)

Micron CMS version 5.3 suffers from a remote SQL injection vulnerability.

PrinceXML Wrapper Class Command Injection

Posted by deepcore under exploit (No Respond)

Wrapper classes provided by PrinceXML appear to suffer from command injection vulnerabilities.

OpenFire 4.0.1 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

OpenFire versions 3.10.2 through 4.0.1 suffer from cross site request forgery and cross site scripting vulnerabilities. These issues are similar to findings discovered by hyp3rlinx but leverage different pages.

CIMA DocuClass ECM CSRF / XSS / SQL Injection

Posted by deepcore under exploit (No Respond)

CIMA DocuClass ECM suffers from cross site request forgery, cross site scripting, direct object reference, and remote SQL injection vulnerabilities.