Subscribe via feed.
Archive for February, 2017

Joomla Wisroyq 1.6 SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla Wisroyq component version 1.6 suffers from a remote SQL injection vulnerability.

Joomla Intranet Attendance Track 2.6.5 SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla Intranet Attendance Track component version 2.6.5 suffers from a remote SQL injection vulnerability.

Joomla Community Quiz 4.3.5 SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla Community Quiz component version 4.3.5 suffers from a remote SQL injection vulnerability.

Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. saveCert.imss endpoint takes several user inputs and performs blacklisting. After that […]

AlienVault OSSIM/USM Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can […]

MVPower DVR Shell Unauthenticated Command Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The ‘shell’ file on the web interface executes arbitrary operating system commands in the query string. This Metasploit module was tested successfully on a MVPower model TV-7104HE with firmware version 1.8.4 115215B9 (Build 2014/11/17). The TV-7108HE model is also reportedly […]

Joomla com_jajobboard v1.5 – SQL Injection Vulnerability

Posted by deepcore under exploit (No Respond)

An independent vulnerability laboratory partner team researcher discovered a remote sql-injection web vulnerability in …

http://jangharn.go.th

Posted by deepcore under defacement (No Respond)

http://jangharn.go.th notified by T1KUS90T

Tags:

http://sanchart.go.th

Posted by deepcore under defacement (No Respond)

http://sanchart.go.th notified by T1KUS90T

Tags:

http://www.muangchanph.go.th

Posted by deepcore under defacement (No Respond)

http://www.muangchanph.go.th notified by Ashiyane Digital Security Team

Tags: