Archive for March, 2019

CentOS Web Panel 0.9.8.789 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

CentOS Web Panel version 0.9.8.78 suffers from a persistent cross site scripting vulnerability.

Cisco RV320 / RV325 Unauthenticated Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module combines an information disclosure (CVE-2019-1653) and a command injection vulnerability (CVE-2019-1652) to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. It can be exploited via the WAN interface of the router, either via HTTPS on port 443 or via HTTP on port 8007 on some older firmware versions.

Google Drops Zero Day On TP-Link Smart Home Routers

Posted by deepcore under exploit (No Respond)

Masch CMStudio Banners 8.6.1 Open Redirection

Posted by deepcore under exploit (No Respond)

Masch CMStudio Banners module version 8.6.1 suffers from an open redirection vulnerability.

WordPress Ultimate Form Builder 1.0 Database Disclosure

Posted by deepcore under exploit (No Respond)

WordPress Form Builder plugin version 1.0 suffers from a database disclosure vulnerability.

Magento 2.3.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Magento versions 2.2.0 through 2.3.0 unauthenticated remote SQL injection exploit.

Pydio 8 Command Execution / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Pydio 8 suffers from cross site scripting, command injection, and various other vulnerabilities.

Apple Security Advisory 2019-3-27-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2019-3-27-1 – watchOS 5.2 is now available and addresses buffer overflow and code execution vulnerabilities.

[webapps] CentOS Web Panel 0.9.8.789 – NameServer Field Persistent Cross-Site Scripting

Posted by deepcore under Security (No Respond)

CentOS Web Panel 0.9.8.789 – NameServer Field Persistent Cross-Site Scripting

WordPress AND-AntiBounce 1.0.3 Open Redirection

Posted by deepcore under exploit (No Respond)

WordPress AND-AntiBounce plugin version 1.0.3 suffers from an open redirection vulnerability.