[webapps] Kartris 1.6 – Arbitrary File Upload
Posted by deepcore under Security (No Respond)
Archive for May, 2020
cpCommerce v1.2.8 – (id_document) Blind SQL Injection
Posted by deepcore under exploit (No Respond)
An independent vulnerability laboratory researcher discovered a blind sql-injection web vulnerability in the official cp…
[webapps] Pi-hole < 4.4 – Remote Code Execution / Privileges Escalation
Posted by deepcore under Security (No Respond)
[webapps] Pi-hole < 4.4 – Remote Code Execution
Posted by deepcore under Security (No Respond)
ManageEngine DataSecurity Plus Path Traversal / Code Execution
Posted by deepcore under exploit (No Respond)
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffers from a path traversal vulnerability that can lead to remote code execution.
Tiny MySQL Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Tiny MySQL suffers from a cross site scripting vulnerability.
Qik Chat 3.0 Command Injection
Posted by deepcore under exploit (No Respond)
Qik Chat version 3.0 for iOS suffers from a command injection vulnerability.
WordPress ChopSlider 3 SQL Injection
Posted by deepcore under exploit (No Respond)
WordPress ChopSlider plugin version 3 suffers from a remote SQL injection vulnerability.
WebTareas 2.0p8 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WebTareas version 2.0p8 suffers from a cross site scripting vulnerability.
ManageEngine DataSecurity Plus Authentication Bypass
Posted by deepcore under exploit (No Respond)
ManageEngine DataSecurity Plus versions prior to 6.0.1 and ADAudit Plus versions prior to 6.0.3 suffer from an authentication bypass vulnerability.