[webapps] Intelbras Router WRN150 1.0.18 – Cross-Site Request Forgery
Posted by deepcore under Security (No Respond)
Archive for October, 2019
PHP-FPM Remote Code Execution
Posted by deepcore under exploit (No Respond)
This is a newer method to exploit php-fpm to achieve remote code execution when certain nginx with php-fpm configurations exist.
AUO SunVeillance Monitoring System 1.1.9e Incorrect Access Control
Posted by deepcore under exploit (No Respond)
AUO SunVeillance Monitoring System version 1.1.9e suffers from an incorrect access control vulnerability.
AUO SunVeillance Monitoring System 1.1.9e SQL Injection
Posted by deepcore under exploit (No Respond)
AUO SunVeillance Monitoring System version 1.1.9e suffers from a remote SQL injection vulnerability.
[webapps] ClonOs WEB UI 19.09 – Improper Access Control
Posted by deepcore under Security (No Respond)
Moxa EDR-810 Command Injection / Information Disclosure
Posted by deepcore under exploit (No Respond)
Moxa EDR-810 suffers from command injection and information disclosure vulnerabilities.
Rocket.Chat 2.1.0 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Rocket.Chat version 2.1.0 suffers from a cross site scripting vulnerability.
IObit Uninstaller 9.1.0.8 IObitUnSvr Unquoted Service Path
Posted by deepcore under exploit (No Respond)
IObit Uninstaller version 9.1.0.8 suffers from an IObitUnSvr unquoted service path vulnerability.
WordPress Sliced Invoices 3.8.2 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress Sliced Invoices plugin versions 3.8.2 and below suffer from a cross site scripting vulnerability.
WordPress Sliced Invoices 3.8.2 SQL Injection
Posted by deepcore under exploit (No Respond)
WordPress Sliced Invoices plugin versions 3.8.2 and below suffer from a remote SQL injection vulnerability.