Archive for September, 2020

[webapps] Tailor Management System – 'id' SQL Injection

Posted by deepcore under Security (No Respond)

Tailor Management System – ‘id’ SQL Injection


[local] Input Director 1.4.3 – 'Input Director' Unquoted Service Path

Posted by deepcore under Security (No Respond)

Input Director 1.4.3 – ‘Input Director’ Unquoted Service Path


Cabot 0.11.12 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Cabot version 0.11.12 suffers from a persistent cross site scripting vulnerability.

Joomla GMapFP J3.5 / J3.5F Arbitrary File Upload

Posted by deepcore under exploit (No Respond)

Joomla GMapFP component versions J3.5 and J3.5F suffer from an unauthenticated arbitrary file upload vulnerability.

Grocy 2.7.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Grocy version 2.7.1 suffers from a persistent cross site scripting vulnerability.

Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation

Posted by deepcore under exploit (No Respond)

Rapid7 Nexpose Installer version 6.6.39 suffers from a local privilege escalation vulnerability.

macOS cfprefsd Arbitrary File Write / Local Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login a user […]

[local] ShareMouse 5.0.43 – 'ShareMouse Service' Unquoted Service Path

Posted by deepcore under Security (No Respond)

ShareMouse 5.0.43 – ‘ShareMouse Service’ Unquoted Service Path


[webapps] ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated)

Posted by deepcore under Security (No Respond)

ManageEngine Applications Manager 14700 – Remote Code Execution (Authenticated)


[webapps] grocy 2.7.1 – Persistent Cross-Site Scripting

Posted by deepcore under Security (No Respond)

grocy 2.7.1 – Persistent Cross-Site Scripting
