Archive for September, 2020

Seat Reservation System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Seat Reservation System version 1.0 suffers from an unauthenticated remote SQL injection vulnerability.

Visitor Management System In PHP 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Visitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability.

Visitor Management System In PHP 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Visitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability.

Jenkins 2.56 CLI Deserialization / Code Execution

Posted by deepcore under exploit (No Respond)

An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data. Because of this, a malicious serialized object contained within a serialized SignedObject can […]

Artica Proxy 4.30.000000 Authentication Bypass / Command Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy. Combined with an authentication bypass discovered in the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance, and successful exploitation of this vulnerability yields remote code execution as root on the remote […]

[webapps] Online Food Ordering System 1.0 – Remote Code Execution

Posted by deepcore under Security (No Respond)

B-swiss 3 Digital Signage System 3.6.5 Database Disclosure

Posted by deepcore under exploit (No Respond)

B-swiss 3 Digital Signage System version 3.6.5 is vulnerable to unauthenticated database download and information disclosure. This can enable an attacker to obtain sensitive information, resulting in authentication bypass, session hijacking and full system control.

B-swiss 3 Digital Signage System 3.6.5 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

B-swiss 3 Digital Signage System version 3.6.5 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

ForensiTAppxService 2.2.0.4 Unquoted Service Path

Posted by deepcore under exploit (No Respond)

ForensiTAppxService version 2.2.0.4 suffers from an unquoted service path vulnerability.

B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution

Posted by deepcore under exploit (No Respond)

B-swiss 3 Digital Signage System version 3.6.5 suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused by improper verification of files uploaded to the index.php script through the rec_poza POST parameter. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be […]