Clinic Pro 4 SQL Injection
Posted by deepcore under exploit (No Respond)
Clinic Pro version 4 suffers from a remote SQL injection vulnerability.
Archive for April, 2019
TeemIp IPAM Command Injection
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The “new_config” parameter of “exec.php” allows you to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. The vulnerability can be exploited by an […]
Apache 2.4.38 Root Privilege Escalation
Posted by deepcore under exploit (No Respond)
Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.
Chrome 73.0.3683.86 Stable Proof Of Concept
Posted by deepcore under exploit (No Respond)
Chrome version 73.0.3683.86 stable exploit for chromium issue 941743, tested on Windows 10 x64, which leverages a flaw in the V8 javascript engine.
[remote] WordPress 5.0.0 – Crop-image Shell Upload (Metasploit)
Posted by deepcore under Security (No Respond)
[webapps] WordPress Plugin Contact Form Maker 1.13.1 – Cross-Site Request Forgery
Posted by deepcore under Security (No Respond)
[local] AIDA64 Extreme 5.99.4900 – 'Logging' SEH Buffer Overflow
Posted by deepcore under Security (No Respond)
[webapps] Manage Engine ServiceDesk Plus 9.3 – Privilege Escalation
Posted by deepcore under Security (No Respond)
[webapps] FreeSMS 2.1.2 – SQL Injection (Authentication Bypass)
Posted by deepcore under Security (No Respond)
[local] AIDA64 Engineer 5.99.4900 – 'Load from file' Field Buffer Overflow (SEH)
Posted by deepcore under Security (No Respond)