QuickDate 1.3.2 SQL Injection
Posted by deepcore under exploit (No Respond)
QuickDate version 1.3.2 suffers from a remote SQL injection vulnerability.
Archive for February, 2020
Google Invisible RECAPTCHA 3 Spoof Bypass
Posted by deepcore under exploit (No Respond)
Google Invisible RECAPTCHA version 3 suffers from a spoofing bypass vulnerability.
ExpertGPS 6.38 XML Injection
Posted by deepcore under exploit (No Respond)
ExpertGPS version 6.38 suffers from an XML external entity injection vulnerability.
Wedding Slideshow Studio 1.36 Buffer Overflow
Posted by deepcore under exploit (No Respond)
Wedding Slideshow Studio version 1.36 suffers from a buffer overflow vulnerability.
LearnDash WordPress LMS 3.1.2 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
LearnDash WordPress LMS plugin version 3.1.2 suffers from a cross site scripting vulnerability.
WordPress InfiniteWP Client Authentication Bypass
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits an authentication bypass in the WordPress InfiniteWP Client plugin to log in as an administrator and execute arbitrary PHP code by overwriting the file specified by PLUGIN_FILE. The module will attempt to retrieve the original PLUGIN_FILE contents and restore them after payload execution. If VerifyContents is set, which is the default […]
Vanilla Forum 2.6.3 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Vanilla Forum version 2.6.3 suffers from a persistent cross site scripting vulnerability.
[remote] OpenSMTPD 6.4.0 < 6.6.1 – Local Privilege Escalation + Remote Code Execution
Posted by deepcore under Security (No Respond)
OpenSMTPD 6.4.0 < 6.6.1 – Local Privilege Escalation + Remote Code Execution
Tags: 0day, remote exploit[local] Wedding Slideshow Studio 1.36 – 'Name' Buffer Overflow
Posted by deepcore under Security (No Respond)
[local] Disk Savvy Enterprise 12.3.18 – Unquoted Service Path
Posted by deepcore under Security (No Respond)