Archive for August, 2020

ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password

Posted by deepcore under exploit (No Respond)

ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 has a hard-coded administrative password, busybox vulnerabilities, and a known backdoor in the GoAhead webserver.

[webapps] Eibiz i-Media Server Digital Signage 3.8.0 – Privilege Escalation

Posted by deepcore under Security (No Respond)


[webapps] SymphonyCMS 3.0.0 – Persistent Cross-Site Scripting

Posted by deepcore under Security (No Respond)


[webapps] Nagios Log Server 2.1.6 – Persistent Cross-Site Scripting

Posted by deepcore under Security (No Respond)


[webapps] Online Shopping Alphaware 1.0 – 'id' SQL Injection

Posted by deepcore under Security (No Respond)


[webapps] WordPress Plugin Autoptimize 2.7.6 – Arbitrary File Upload (Authenticated)

Posted by deepcore under Security (No Respond)


[local] ASX to MP3 converter 3.1.3.7.2010.11.05 – '.wax' Local Buffer Overflow (DEP,ASLR Bypass) (PoC)

Posted by deepcore under Security (No Respond)


[webapps] Mida eFramework 2.9.0 – Remote Code Execution

Posted by deepcore under Security (No Respond)


Ericom Access Server 9.2.0 Server-Side Request Forgery

Posted by deepcore under exploit (No Respond)

Ericom Access Server allows attackers to initiate SSRF requests, making outbound connections to arbitrary hosts and TCP ports. Attackers who can reach the AccessNow server can target internal systems that sit behind firewalls and are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is […]

LimeSurvey 4.3.10 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

LimeSurvey version 4.3.10 suffers from a persistent cross site scripting vulnerability.