2019 September

Zero-Day Privilege Escalation Disclosed For Android

Posted by deepcore under exploit (No Respond)

Cisco Device Hardcoded Credentials / GNU glibc / BusyBox

Posted by deepcore under exploit (No Respond)

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.

AwindInc SNMP Service Command Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a vulnerability found in AwindInc and OEM’ed products where untrusted inputs are fed to ftpfw.sh system command, leading to command injection. A valid SNMP read-write community is required to exploit this vulnerability.

WordPress API Bearer Auth 20181229 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress API Bearer Auth plugin version 20181229 suffers from a cross site scripting vulnerability.

[remote] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Remote Code Execution

Posted by deepcore under Security (No Respond)

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Remote Code Execution

Tags: 0day, remote exploit

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Zero-Day Privilege Escalation Disclosed For Android

Cisco Device Hardcoded Credentials / GNU glibc / BusyBox

AwindInc SNMP Service Command Injection

WordPress API Bearer Auth 20181229 Cross Site Scripting

[remote] Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN – Remote Code Execution

FileThingie 2.5.7 Remote Shell Upload

Totaljs CMS 12.0 Path Traversal

Totaljs CMS 12.0 Insecure Admin Session Cookie

WordPress Portrait-Archiv.com Photostore 5.0.4 Cross Site Scripting

Totaljs CMS 12.0 Widget Creation Code Injection

Tabs Switcher

Categories

Archives

Meta

BLOGROLL