2019 June

Starry Router Camera PIN Brute-Force / CORS Incorrect

Posted by deepcore under exploit (No Respond)

Starry Router Camera suffers from vulnerabilities where the PIN can be brute-forced and the HTML5 CORS ORIGIN is set with a wildcard.

Veralite / Veraedge Router XSS / Command Injection / CSRF / Traversal

Posted by deepcore under exploit (No Respond)

Veralite and Veraedge routers / smart home controllers suffer from command injection, cross site request forgery, cross site scripting, code execution, directory traversal, and various other vulnerabilities.

Shekar Endoscope Weak Default Settings / Memory Corruption

Posted by deepcore under exploit (No Respond)

Shekar Endoscope has telnet enabled by default, default wifi credentials, a flaw where an attacker can change the wifi password without any additional authentication, and four memory corruption vulnerabilities.

UliCMS 2019.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

UliCMS version2 019.1 suffers from a persistent cross site scripting vulnerability.

Ubuntu 18.04 lxd Privilege Escalation

Posted by deepcore under exploit (No Respond)

Ubuntu version 18.04 lxd privilege escalation exploit.

Wampserver 3.1.8 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

Wampserver versions 3.1.4 through 3.1.8 suffer from a cross site request forgery vulnerability.

[remote] Webmin 1.910 – 'Package Updates' Remote Command Execution (Metasploit)

Posted by deepcore under Security (No Respond)

Webmin 1.910 – ‘Package Updates’ Remote Command Execution (Metasploit)

Tags: 0day, remote exploit

[webapps] Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API – Cross-Site Scripting

Posted by deepcore under Security (No Respond)

Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API – Cross-Site Scripting

Tags: 0day, remote exploit

[webapps] phpMyAdmin 4.8 – Cross-Site Request Forgery

Posted by deepcore under Security (No Respond)

phpMyAdmin 4.8 – Cross-Site Request Forgery

Tags: 0day, remote exploit

[webapps] WordPress Plugin Insert or Embed Articulate Content into WordPress – Remote Code Execution

Posted by deepcore under Security (No Respond)

WordPress Plugin Insert or Embed Articulate Content into WordPress – Remote Code Execution

Tags: 0day, remote exploit

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Starry Router Camera PIN Brute-Force / CORS Incorrect

Veralite / Veraedge Router XSS / Command Injection / CSRF / Traversal

Shekar Endoscope Weak Default Settings / Memory Corruption

UliCMS 2019.1 Cross Site Scripting

Ubuntu 18.04 lxd Privilege Escalation

Wampserver 3.1.8 Cross Site Request Forgery

[remote] Webmin 1.910 – 'Package Updates' Remote Command Execution (Metasploit)

[webapps] Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API – Cross-Site Scripting

[webapps] phpMyAdmin 4.8 – Cross-Site Request Forgery

[webapps] WordPress Plugin Insert or Embed Articulate Content into WordPress – Remote Code Execution

Tabs Switcher

Categories

Archives

Meta

BLOGROLL

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Tabs Switcher

Categories

Archives

Meta

BLOGROLL