[webapps] Seowon SlC 130 Router – Remote Code Execution
Posted by deepcore under Security (No Respond)
Archive for August, 2020
[webapps] Complaint Management System 1.0 – 'cid' SQL Injection
Posted by deepcore under Security (No Respond)
Pharmacy Medical Store And Sale Point 1.0 SQL Injection
Posted by deepcore under exploit (No Respond)
Pharmacy Medical Store and Sale Point version 1.0 suffers from a remote SQL injection vulnerability.
[webapps] PNPSCADA 2.200816204020 – 'interf' SQL Injection (Authenticated)
Posted by deepcore under Security (No Respond)
[webapps] ElkarBackup 1.3.3 – Persistent Cross-Site Scripting
Posted by deepcore under Security (No Respond)
vBulletin 5.6.2 Persistent Cross Site Scripting
Posted by deepcore under exploit (No Respond)
vBulletin version 5.6.2 suffers from a persistent cross site scripting vulnerability.
Tailor Management System 1.0 Persistent Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Tailor Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
WordPress Change Login Logo 1.0.1 Persistent Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress Change Login Logo plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.
WordPress Click To Top 1.2.7 Persistent Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress Click To Top plugin version 1.2.7 suffers from a persistent cross site scripting vulnerability.
D-Link Central WiFi Manager CWM(100) Remote Code Execution
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) versions below v1.03R0100_BETA6. The vulnerability exists in the username cookie, which is passed to eval() without being sanitized. Dangerous functions are not disabled by default, which makes it possible to get code execution on the target.