2020 March

Microsoft Windows SMB 3.1.1 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Microsoft Windows SMB version 3.1.1 suffers from a code execution vulnerability.

Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution

Posted by deepcore under exploit (No Respond)

Zyxel CNM SecuManager versions 3.1.0 and 3.1.1 suffer from having hard-coded secrets, missing authentication, backdoors, and remote code execution vulnerabilities.

[webapps] PHPKB Multi-Language 9 – 'image-upload.php' Authenticated Remote Code Execution

Posted by deepcore under Security (No Respond)

PHPKB Multi-Language 9 – ‘image-upload.php’ Authenticated Remote Code Execution

Tags: 0day, remote exploit

[webapps] PHPKB Multi-Language 9 – Authenticated Remote Code Execution

Posted by deepcore under Security (No Respond)

PHPKB Multi-Language 9 – Authenticated Remote Code Execution

Tags: 0day, remote exploit

[webapps] MiladWorkShop VIP System 1.0 – 'lang' SQL Injection

Posted by deepcore under Security (No Respond)

MiladWorkShop VIP System 1.0 – ‘lang’ SQL Injection

Tags: 0day, remote exploit

[webapps] PHPKB Multi-Language 9 – Authenticated Directory Traversal

Posted by deepcore under Security (No Respond)

PHPKB Multi-Language 9 – Authenticated Directory Traversal

Tags: 0day, remote exploit

[webapps] Enhanced Multimedia Router 3.0.4.27 – Cross-Site Request Forgery (Add Admin)

Posted by deepcore under Security (No Respond)

Enhanced Multimedia Router 3.0.4.27 – Cross-Site Request Forgery (Add Admin)

Tags: 0day, remote exploit

Revive Adserver 5.0.4 Security Bypass / Open Redirect

Posted by deepcore under exploit (No Respond)

Revive Adserver versions 5.0.4 and below suffer from bypass and open redirection vulnerabilities.

Phoenix Contact TC Router / TC Cloud Client Command Injection

Posted by deepcore under exploit (No Respond)

Phoenix Contact TC Router and TC Cloud Client versions 2.05.3 and below, 2.03.17 and below, and 1.03.17 and below suffer from authenticated command injection and various other vulnerabilities.

ManageEngine Desktop Central Java Deserialization

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a Java deserialization vulnerability in the getChartImage() method from the FileStorage class within ManageEngine Desktop Central versions below 10.0.474. Tested against 10.0.465 x64.

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Microsoft Windows SMB 3.1.1 Remote Code Execution

Zyxel CNM SecuManager 3.1.0 / 3.1.1 Hardcoded Keys / XSS / Code Execution

[webapps] PHPKB Multi-Language 9 – 'image-upload.php' Authenticated Remote Code Execution

[webapps] PHPKB Multi-Language 9 – Authenticated Remote Code Execution

[webapps] MiladWorkShop VIP System 1.0 – 'lang' SQL Injection

[webapps] PHPKB Multi-Language 9 – Authenticated Directory Traversal

[webapps] Enhanced Multimedia Router 3.0.4.27 – Cross-Site Request Forgery (Add Admin)

Revive Adserver 5.0.4 Security Bypass / Open Redirect

Phoenix Contact TC Router / TC Cloud Client Command Injection

ManageEngine Desktop Central Java Deserialization

Tabs Switcher

Categories

Archives

Meta

BLOGROLL