Archive for March, 2019

TheCarProject 2 SQL Injection

Posted by deepcore under exploit (No Respond)

TheCarProject version 2 suffers from a remote SQL injection vulnerability.

Gitea 1.7.3 HTML Injection

Posted by deepcore under exploit (No Respond)

Gitea versions 1.7.0 through 1.7.3 suffer from a stored HTML injection vulnerability.

libseccomp Incorrect Compilation Of Arithmetic Comparisons

Posted by deepcore under exploit (No Respond)

libseccomp suffers from an issue in which arithmetic comparisons are compiled incorrectly.

exacqVision 9.8 Unquoted Service Path Privilege Escalation

Posted by deepcore under exploit (No Respond)

exacqVision version 9.8 suffers from an unquoted search path issue impacting the Windows services exacqVisionServer, dvrdhcpserver and mdnsresponder, which are deployed as part of the exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to […]

Jenkins ACL Bypass / Metaprogramming Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a vulnerability in Jenkins dynamic routing to bypass the Overall/Read ACL and leverage Groovy metaprogramming to download and execute a malicious JAR file. The ACL bypass gadget is specific to Jenkins versions 2.137 and below and will not work on later versions of Jenkins. Tested against Jenkins 2.137 and Pipeline: Groovy […]

[webapps] Netartmedia Real Estate Portal 5.0 – SQL Injection

Posted by deepcore under Security (No Respond)

Netartmedia Real Estate Portal 5.0 – SQL Injection

[webapps] Netartmedia PHP Mall 4.1 – SQL Injection

Posted by deepcore under Security (No Respond)

Netartmedia PHP Mall 4.1 – SQL Injection

[local] Advanced Host Monitor 11.92 beta – Local Buffer Overflow

Posted by deepcore under Security (No Respond)

Advanced Host Monitor 11.92 beta – Local Buffer Overflow

[webapps] Netartmedia Event Portal 2.0 – 'Email' SQL Injection

Posted by deepcore under Security (No Respond)

Netartmedia Event Portal 2.0 – ‘Email’ SQL Injection

[webapps] eNdonesia Portal 8.7 – Multiple Vulnerabilities

Posted by deepcore under Security (No Respond)

eNdonesia Portal 8.7 – Multiple Vulnerabilities
