CentOS Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change
Posted by deepcore under exploit (No Respond)
CentOS Control Web Panel (CWP) version 0.9.8.851 allows an attacker to change arbitrary passwords.
Archive for August, 2019
Webmin 1.920 Remote Root
Posted by deepcore under exploit (No Respond)
Webmin version 1.920 remote root exploit.
LibreOffice Macro Python Code Execution
Posted by deepcore under exploit (No Respond)
This Metasploit module generates an ODT file with a dom loaded event that, when triggered, will execute arbitrary python code and the metasploit payload.
http://foodcontact.dss.go.th/index.html
Posted by deepcore under defacement (No Respond)
http://foodcontact.dss.go.th/index.html notified by UnkCrew
Tags: defacement[webapps] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Arbitrary File Disclosure (metasploit)
Posted by deepcore under Security (No Respond)
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Arbitrary File Disclosure (metasploit)
Tags: 0day, remote exploitRAR Password Recovery 1.80 Denial Of Service
Posted by deepcore under exploit (No Respond)
RAR Password Recovery version 1.80 suffers from a user name and registration code denial of service vulnerability.
Kimai 2 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Kimai version 2 suffers from a persistent cross site scripting vulnerability.
Neo Billing 3.5 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Neo Billing version 3.5 suffers from a persistent cross site scripting vulnerability.
YouPHPTube 7.2 SQL Injection
Posted by deepcore under exploit (No Respond)
YouPHPTube version 7.2 suffers from a remote SQL injection vulnerability in userCreate.json.php.
FortiOS 5.6.7 / 6.0.4 Credential Disclosure
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits FortiOS versions 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4 to leverage a credential disclosure vulnerability by reading the /dev/cmdb/sslvpn_websession file.