Archive for June, 2019

AROX School-ERP Pro Unauthenticated Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a command execution vulnerability in AROX School-ERP. “import_stud.php” and “upload_fille.php” do not have session control: the session start/check functions on lines 8, 9 and 10 are commented out with slashes. As a result, an unauthenticated user can execute commands on the system.

Netperf 2.6.0 Buffer Overflow

Posted by deepcore under exploit (No Respond)

Netperf version 2.6.0 suffers from a stack-based buffer overflow.

Exim 4.91 Local Privilege Escalation

Posted by deepcore under exploit (No Respond)

Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability.

[local] Serv-U FTP Server < 15.1.7 – Local Privilege Escalation

Posted by deepcore under Security (No Respond)

Serv-U FTP Server < 15.1.7 – Local Privilege Escalation


[shellcode] Linux/x86_64 – execve(/bin/sh) Shellcode (22 bytes)

Posted by deepcore under Security (No Respond)

Linux/x86_64 – execve(/bin/sh) Shellcode (22 bytes)


[webapps] Sahi pro 8.x – Cross-Site Scripting

Posted by deepcore under Security (No Respond)

Sahi pro 8.x – Cross-Site Scripting


[webapps] Sahi pro 8.x – SQL Injection

Posted by deepcore under Security (No Respond)

Sahi pro 8.x – SQL Injection


[webapps] Sahi pro 7.x/8.x – Directory Traversal

Posted by deepcore under Security (No Respond)

Sahi pro 7.x/8.x – Directory Traversal


[local] Exim 4.87 – 4.91 – Local Privilege Escalation

Posted by deepcore under Security (No Respond)

Exim 4.87 – 4.91 – Local Privilege Escalation


[dos] HC10 HC.Server Service 10.14 – Remote Invalid Pointer Write

Posted by deepcore under Security (No Respond)

HC10 HC.Server Service 10.14 – Remote Invalid Pointer Write
