Archive for June, 2020

MJML 4.6.2 Path Traversal

Posted by deepcore under exploit (No Respond)

MJML versions 4.6.2 and below suffer from a path traversal vulnerability.

SOS JobScheduler 1.13.3 Stored Password Decryption

Posted by deepcore under exploit (No Respond)

SOS JobScheduler version 1.13.3 encrypts a secret by simply using the name of a profile as the key, making it trivial to decrypt.

Gila CMS 1.11.8 SQL Injection

Posted by deepcore under exploit (No Respond)

Gila CMS version 1.11.8 suffers from a remote SQL injection vulnerability.

TP-LINK Cloud Cameras NCXXX Stack Overflow

Posted by deepcore under exploit (No Respond)

TP-LINK Cloud Cameras NCXXX suffer from a DelMultiUser stack overflow vulnerability.

Netgear R7000 Router Remote Code Execution

Posted by deepcore under exploit (No Respond)

This is a remote code execution exploit for the Netgear R7000 router that leverages a pre-authentication memcpy-based stack buffer overflow vulnerability.

Arista Restricted Shell Escape / Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista’s bash shell, and a TACACS+ read-only account to achieve privilege escalation.

Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including 2.3.4.2103.

Theft Of CIA's Vault 7 Secrets Tied To Woefully Lax Security

Posted by deepcore under exploit (No Respond)

[webapps] College-Management-System-Php 1.0 – Authentication Bypass

Posted by deepcore under Security (No Respond)

College-Management-System-Php 1.0 – Authentication Bypass


http://reo10.moe.go.th/vz.txt

Posted by deepcore under defacement (No Respond)

http://reo10.moe.go.th/vz.txt notified by aDriv4
