Archive for July, 2020

BSA Radar 1.6.7234.24750 Local File Inclusion

Posted by deepcore under exploit (No Respond)

BSA Radar version 1.6.7234.24750 suffers from a local file inclusion vulnerability.

Apartment Visitors Management System Project 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Apartment Visitors Management System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Trend Micro Web Security Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits multiple vulnerabilities together in order to achieve remote code execution in Trend Micro Web Security versions prior to 6.5 SP2 Patch 4 (Build 1901).

Zyxel Armor X1 WAP6806 Directory Traversal

Posted by deepcore under exploit (No Respond)

Zyxel Armor X1 WAP6806 suffers from a directory traversal vulnerability.

Oracle Solaris 11 Device Driver Utility 1.3.1 Race Condition

Posted by deepcore under exploit (No Respond)

Oracle Solaris 11 Device Driver Utility version 1.3.1 suffers from an insecure use of /tmp that can allow for a race condition which leads to privilege escalation. Included exploit provides a root shell.

[webapps] Wing FTP Server 6.3.8 – Remote Code Execution (Authenticated)

Posted by deepcore under Security (No Respond)

Wing FTP Server 6.3.8 – Remote Code Execution (Authenticated)

[webapps] RiteCMS 2.2.1 – Remote Code Execution

Posted by deepcore under Security (No Respond)

RiteCMS 2.2.1 – Remote Code Execution

[webapps] Zyxel Armor X1 WAP6806 – Directory Traversal

Posted by deepcore under Security (No Respond)

Zyxel Armor X1 WAP6806 – Directory Traversal

[webapps] SuperMicro IPMI WebInterface 03.40 – Cross-Site Request Forgery (Add Admin)

Posted by deepcore under Security (No Respond)

SuperMicro IPMI WebInterface 03.40 – Cross-Site Request Forgery (Add Admin)

Park Ticketing Management System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Park Ticketing Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. These can be used to bypass login and execute code.