Archive for March, 2020

Jinfornet Jreport 15.6 Directory Traversal

Posted by deepcore under exploit (No Respond)

Jinfornet Jreport version 15.6 suffers from an unauthenticated directory traversal vulnerability.

Everest 5.50.2100 Denial Of Service

Posted by deepcore under exploit (No Respond)

Everest version 5.50.2100 suffers from a denial of service vulnerability.

ECK Hotel 1.0 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

ECK Hotel version 1.0 suffers from a cross site request forgery vulnerability.

Centreon 19.10.8 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Centreon version 19.10.8 suffers from a DisplayServiceStatus remote code execution vulnerability.

TP-Link Archer C50 V3 Denial of Service

Posted by deepcore under exploit (No Respond)

TP-Link Archer C50 V3 devices before build 200318 release 62209 allow remote attackers to cause a denial of service condition via a crafted HTTP header containing an unexpected Referer field.

Linux PTRACE_TRACEME Local Root

Posted by deepcore under exploit (No Respond)

Local root exploit for the PTRACE_TRACEME issue in Linux kernel versions starting at 4.10 and below 5.1.7. It uses the pkexec technique.

SharePoint Workflows XOML Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a vulnerability within SharePoint and its .NET backend that allows an attacker to execute commands using specially crafted XOML data sent to SharePoint via the Workflows functionality.

[dos] Everest 5.50.2100 – 'Open File' Denial of Service (PoC)

Posted by deepcore under Security (No Respond)


[local] Easy RM to MP3 Converter 2.7.3.700 – 'Input' Local Buffer Overflow (SEH)

Posted by deepcore under Security (No Respond)


[webapps] ECK Hotel 1.0 – Cross-Site Request Forgery (Add Admin)

Posted by deepcore under Security (No Respond)
