Job Portal 1.0 Shell Upload
Posted by deepcore under exploit (No Respond)
Job Portal version 1.0 suffers from a remote shell upload vulnerability.
Archive for January, 2020
Fortinet FortiSIEM 5.2.5 / 5.2.6 Hardcoded Key
Posted by deepcore under exploit (No Respond)
Fortinet FortiSIEM has a hard-coded SSH public key for user “tunneluser” which is the same between all installs. An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor. The unencrypted key is also stored inside the FortiSIEM image. While the user’s shell is limited to running the /opt/phoenix/phscripts/bin/tunnelshell script, SSH […]
http://server91.labour.go.th/kurd.html
Posted by deepcore under defacement (No Respond)
http://server91.labour.go.th/kurd.html notified by 0x1998
Tags: defacement[webapps] Tomcat proprietaryEvaluate 9.0.0.M1 – Sandbox Escape
Posted by deepcore under Security (No Respond)
[remote] JetBrains TeamCity 2018.2.4 – Remote Code Execution
Posted by deepcore under Security (No Respond)
[remote] ASTPP VoIP 4.0.1 – Remote Code Execution
Posted by deepcore under Security (No Respond)
[remote] EBBISLAND EBBSHAVE 6100-09-04-1441 – Remote Buffer Overflow
Posted by deepcore under Security (No Respond)
[webapps] Online Book Store 1.0 – Unauthenticated Remote Code Execution
Posted by deepcore under Security (No Respond)
[remote] Cisco DCNM JBoss 10.4 – Credential Leakage
Posted by deepcore under Security (No Respond)
[webapps] Codoforum 4.8.3 – 'input_txt' Persistent Cross-Site Scripting
Posted by deepcore under Security (No Respond)