[webapps] Online Students Management System 1.0 – 'username' SQL Injections
Posted by deepcore under Security (No Respond)
Archive for October, 2020
[webapps] Small CRM 2.0 – 'email' SQL Injection
Posted by deepcore under Security (No Respond)
Twitter Analytics Open Redirect
Posted by deepcore under exploit (No Respond)
Twitter Analytics suffers from an open redirection vulnerability that can assist in phishing attacks.
Garfield Petshop 2020-10-01 Cross Site Request Forgery
Posted by deepcore under exploit (No Respond)
Garfield Petshop versions through 2020-10-01 suffer from a cross site request forgery vulnerability.
Atlassian Products Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Multiple Atlassian products suffer from persistent cross site scripting vulnerabilities. Vulnerable products include PlantUML version 6.43, Refined Toolkit for Confluence version 2.2.5, Linking for Confluence version 5.5.3, Countdown Timer version 1.7.0, and Server Status version 1.2.1.
http://panghinfon.go.th
Posted by deepcore under defacement (No Respond)
http://panghinfon.go.th notified by Ev!l Att@ck3r
Tags: defacementTextpattern CMS 4.6.2 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Textpattern CMS version 4.6.2 suffers from a persistent cross site scripting vulnerability.
Seat Reservation System 1.0 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Seat Reservation System version 1.0 suffers from a persistent cross site scripting vulnerability.
D-Link DSR-250N Denial Of Service
Posted by deepcore under exploit (No Respond)
RedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
[webapps] openMAINT 1.1-2.4.2 – Arbitrary File Upload
Posted by deepcore under Security (No Respond)
