Joomla 3.4.6 Remote Code Execution
Posted by deepcore under exploit (No Respond)
Joomla versions 3.0.0 through 3.4.6 suffer from a remote code execution vulnerability in configuration.php.
Archive for October, 2019
Logrotate 3.15.1 Privilege Escalation
Posted by deepcore under exploit (No Respond)
Logrotate versions up to and including 3.15.1 suffer from a privilege escalation vulnerability.
Subrion 4.2.1 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Subrion version 4.2.1 suffers from a persistent cross site scripting vulnerability.
IBM Bigfix Platform 9.5.9.62 Arbitary File Upload / Code Execution
Posted by deepcore under exploit (No Respond)
IBM Bigfix Platform version 9.5.9.62 suffers from an arbitrary file upload vulnerability as root that can achieve remote code execution.
IcedTeaWeb Validation Bypass / Directory Traversal / Code Execution
Posted by deepcore under exploit (No Respond)
IcedTeaWeb suffers from multiple vulnerabilities including directory traversal and validation bypass issues that can lead to remote code execution. The affected versions are 1.7.2 and below, 1.8.2 and below. 1.6 is also vulnerable and not patched due to being EOL. Proof of concepts are provided.
Zabbix 4.2 Authentication Bypass
Posted by deepcore under exploit (No Respond)
Zabbix version 4.2 suffers from an authentication bypass vulnerability.
Zabbix 4.4 Authentication Bypass
Posted by deepcore under exploit (No Respond)
Zabbix versions 4.4 and below authentication bypass demo proof of concept exploit.
freeFTP 1.0.8 Remote Buffer Overflow
Posted by deepcore under exploit (No Respond)
freeFTP version 1.0.8 remote buffer overflow exploit.
Tellion HN-2204AP Router Remote Configuration Disclosure
Posted by deepcore under exploit (No Respond)
Tellion HN-2204AP router remote configuration disclosure exploit.
vBulletin 5.5.4 SQL Injection
Posted by deepcore under exploit (No Respond)
vBulletin versions 5.5.4 and below suffer from multiple remote SQL injection vulnerabilities.