Archive for July, 2019

WordPress Database Backup Remote Command Execution

Posted by deepcore under exploit (No Respond)

There exists a command injection vulnerability in the WordPress plugin wp-database-backup for versions less than 5.2. For the backup functionality, the plugin generates a mysqldump command to execute. The user can choose specific tables to exclude from the backup by setting the wp_db_exclude_table parameter in a POST request to the wp-database-backup page. The names of […]

Schneider Electric Pelco Endura NET55XX Encoder

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits inadequate access controls within the Schneider Electric Pelco Endura NET55XX webUI to enable the SSH service and change the root password. This module has been tested successfully on: NET5501, NET5501-I, NET5501-XT, NET5504, NET5500, NET5516, NET550 versions.

http://nonthaburi.rid.go.th

Posted by deepcore under defacement (No Respond)

http://nonthaburi.rid.go.th notified by Z3z3-HaCkEr

Apple Security Advisory 2019-7-23-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2019-7-23-1 – iCloud for Windows 7.13 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2019-7-23-2

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2019-7-23-2 – iTunes for Windows 12.9.6 is now available and addresses code execution and cross site scripting vulnerabilities.

Apple Security Advisory 2019-7-23-3

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2019-7-23-3 – iCloud for Windows 10.6 is now available and addresses code execution and cross site scripting vulnerabilities.

WordPress Hybrid Composer 1.4.6 Unauthenticated Access

Posted by deepcore under exploit (No Respond)

WordPress Hybrid Composer plugin version 1.4.6 suffers from an unauthenticated configuration access vulnerability.

Comtrend AR-5310 Restricted Shell Escape

Posted by deepcore under exploit (No Respond)

Comtrend AR-5310 suffers from a restricted shell escape vulnerability.

Docker Container Escape

Posted by deepcore under exploit (No Respond)

Proof of concept instructions to exploit a Docker container escape vulnerability.

BACnet Stack 0.8.6 Denial Of Service

Posted by deepcore under exploit (No Respond)

BACnet Stack version 0.8.6 suffers from a denial of service vulnerability.