Archive for September, 2020

[webapps] Savsoft Quiz Enterprise Version 5.5 – Persistent Cross-Site Scripting

Posted by deepcore under Security

Savsoft Quiz Enterprise Version 5.5 – Persistent Cross-Site Scripting

Packet Storm New Exploits For August, 2020

Posted by deepcore under exploit

This archive contains all of the 128 exploits added to Packet Storm in August, 2020.

Bagisto Credential Disclosure

Posted by deepcore under exploit

As of 2020/09/01, all versions of Bagisto appear to leak database and email server credentials in the document root.

Sagemcom F@ST 5280 Privilege Escalation

Posted by deepcore under exploit

Sagemcom F@ST 5280 routers using firmware version 1.150.61, and possibly others, have an insecure deserialization vulnerability that allows any authenticated user to perform a privilege escalation to any other user. By making a request with valid sess_id, nonce, and ha1 values inside of the serialized session cookie, an attacker may alter the user value inside […]

Rebar3 3.13.2 Command Injection

Posted by deepcore under exploit

Rebar3 versions 3.0.0-beta.3 through 3.13.2 suffer from a command injection vulnerability.

Kamailio 5.4.0 Header Smuggling

Posted by deepcore under exploit

Kamailio version 5.4.0 is vulnerable to header smuggling via a bypass of remove_hf.

Mara CMS 7.5 Remote Code Execution

Posted by deepcore under exploit

Mara CMS version 7.5 suffers from a remote code execution vulnerability.

moziloCMS 2.0 Cross Site Scripting

Posted by deepcore under exploit

moziloCMS version 2.0 suffers from a persistent cross site scripting vulnerability.

[webapps] Stock Management System 1.0 – Cross-Site Request Forgery (Change Username)

Posted by deepcore under Security

Stock Management System 1.0 – Cross-Site Request Forgery (Change Username)

TP-Link WDR4300 Remote Code Execution

Posted by deepcore under exploit

Post-authentication remote code execution exploit for the TP-Link WDR4300 with firmware versions 3.13.33 and 3.14.3.