Archive for July, 2019

[webapps] Karenderia Multiple Restaurant System 5.3 – SQL Injection

Posted by deepcore under Security (No Respond)

Karenderia Multiple Restaurant System 5.3 – SQL Injection

[webapps] Karenderia Multiple Restaurant System 5.3 – Local File Inclusion

Posted by deepcore under Security (No Respond)

Karenderia Multiple Restaurant System 5.3 – Local File Inclusion

[remote] Microsoft Exchange 2003 – base64-MIME Remote Code Execution

Posted by deepcore under Security (No Respond)

Microsoft Exchange 2003 – base64-MIME Remote Code Execution

iPhone iMessage Malformed Message Bricking

Posted by deepcore under Apple (No Respond)

An issue exists where a malformed iMessage can brick an iPhone. A method in IMCore can throw an NSException when a malformed message contains a property with the key IMExtensionPayloadLocalizedDescriptionTextKey whose value is not an NSString.

PHPwind v9.1.0 – Multiple Cross Site Scripting Vulnerabilities

Posted by deepcore under exploit (No Respond)

An independent vulnerability laboratory researcher discovered multiple cross site scripting vulnerabilities in the PhpWi…

Symantec DLP 15.5 MP1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Symantec DLP versions 15.5 MP1 and below suffer from a cross site scripting vulnerability.

Hawtio 2.5.0 Server Side Request Forgery

Posted by deepcore under exploit (No Respond)

Hawtio versions 2.5.0 and below suffer from a server side request forgery vulnerability.

BKS EBK Ethernet-Buskoppler Pro Shell Upload

Posted by deepcore under exploit (No Respond)

BKS EBK Ethernet-Buskoppler Pro versions prior to 3.01 suffer from a remote shell upload vulnerability.

Centreon 19.04 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Centreon version 19.04 suffers from an authenticated remote code execution vulnerability.

Serv-U FTP Server prepareinstallation Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module attempts to gain root privileges on systems running Serv-U FTP Server versions prior to 15.1.7. The Serv-U executable is setuid root, and uses ARGV[0] in a call to system(), without validation, when invoked with the -prepareinstallation flag, resulting in command execution with root privileges. This module has been tested successfully on Serv-U […]