Archive for February, 2020

[webapps] ExpertGPS 6.38 – XML External Entity Injection

Posted by deepcore under Security

ExpertGPS 6.38 – XML External Entity Injection

[local] Windscribe – WindscribeService Named Pipe Privilege Escalation (Metasploit)

Posted by deepcore under Security

Windscribe – WindscribeService Named Pipe Privilege Escalation (Metasploit)

HiSilicon DVR/NVR hi3520d Firmware Backdoor Account

Posted by deepcore under exploit

HiSilicon DVR/NVR devices with hi3520d firmware suffer from a remote backdoor account vulnerability.

xglance-bin Local Root Privilege Escalation

Posted by deepcore under exploit

xglance-bin local root privilege escalation exploit that has been tested on Linux RHEL 7.x/8.x systems.

AVideo Platform 8.1 Cross Site Request Forgery

Posted by deepcore under exploit

AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.

AVideo Platform 8.1 User Enumeration

Posted by deepcore under exploit

AVideo Platform version 8.1 suffers from an information disclosure vulnerability that allows for user enumeration.

Verodin Director Web Console 3.5.4.0 Password Disclosure

Posted by deepcore under exploit

Verodin Director Web Console version 3.5.4.0 remote authenticated password disclosure proof of concept exploit.

Kronos WebTA 4.0 Privilege Escalation / Cross Site Scripting

Posted by deepcore under exploit

Kronos WebTA version 4.0 suffers from cross site scripting and authenticated remote privilege escalation vulnerabilities.

Socat 1.7.3.4 Heap Overflow

Posted by deepcore under exploit

Socat version 1.7.3.4 heap-based overflow proof of concept exploit.

Wago PFC200 Remote Code Execution

Posted by deepcore under exploit

This Metasploit module exploits an authenticated remote code execution vulnerability in Wago PFC200.