Archive for April, 2018

Blog Master Pro 1.0 CSV Injection

Posted by deepcore under exploit

Blog Master Pro version 1.0 suffers from a CSV injection vulnerability.

HRSALE The Ultimate HRM 1.0.2 CSV Injection

Posted by deepcore under exploit

HRSALE The Ultimate HRM version 1.0.2 suffers from a CSV injection vulnerability.

HRSALE The Ultimate HRM 1.0.2 SQL Injection

Posted by deepcore under exploit

HRSALE The Ultimate HRM version 1.0.2 suffers from a remote SQL injection vulnerability.

Sitecore.NET 8.1 Directory Traversal

Posted by deepcore under exploit

Sitecore.NET version 8.1 suffers from a directory traversal vulnerability.

hik-connect.com / ezvizlife.com Authentication Bypass

Posted by deepcore under exploit

A lack of validation on cookie values allows you to log in as any user on hik-connect.com and ezvizlife.com.

October CMS User 1.4.5 Cross Site Scripting

Posted by deepcore under exploit

October CMS User plugin version 1.4.5 suffers from a persistent cross site scripting vulnerability.

SickRage Credential Disclosure

Posted by deepcore under exploit

SickRage versions prior to 2018.03.09 return clear-text credentials in HTTP responses.

WordPress WP With Spritz 1.0 File Inclusion

Posted by deepcore under exploit

WordPress WP with Spritz plugin version 1.0 suffers from local and remote file inclusion vulnerabilities.

JFrog Artifactory Code Execution / Shell Upload

Posted by deepcore under exploit

JFrog Artifactory versions prior to 4.16 suffer from unauthenticated arbitrary file upload and remote command execution vulnerabilities.

Drupal drupgeddon3 Remote Code Execution

Posted by deepcore under exploit

This is a simple proof of concept exploit for Drupal versions prior to 7.58 that demonstrates the drupalgeddon3 authenticated remote code execution vulnerability.