[webapps] DynPG 4.9.1 – Persistent Cross-Site Scripting (Authenticated)
Posted by deepcore under Security (No Respond)
Archive for October, 2020
[webapps] Kentico CMS 9.0-12.0.49 – Persistent Cross Site Scripting
Posted by deepcore under Security (No Respond)
Karel IP Phone IP1211 Web Management Panel Directory Traversal
Posted by deepcore under exploit (No Respond)
The Karel IP Phone IP1211 web management panel suffers from a directory traversal vulnerability.
EasyPMS 1.0.0 Authentication Bypass
Posted by deepcore under exploit (No Respond)
EasyPMS version 1.0.0 suffers from an authentication bypass vulnerability.
Liman 0.7 Cross Site Request Forgery
Posted by deepcore under exploit (No Respond)
Liman version 0.7 suffers from a cross site request forgery vulnerability.
BACnet Test Server 1.01 Remote Denial Of Service
Posted by deepcore under exploit (No Respond)
BACNet Test Server version 1.01 suffers from a denial of service vulnerability when sending a malformed BVLC Length UDP packet to port 47808 which causes the application to crash.
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
Posted by deepcore under exploit (No Respond)
A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication […]
[webapps] D-Link DSR-250N 3.12 – Denial of Service (PoC)
Posted by deepcore under Security (No Respond)
[webapps] SEO Panel 4.6.0 – Remote Code Execution
Posted by deepcore under Security (No Respond)
Krpano Panorama Viewer 1.20.8 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Krpano Panorama Viewer versions 1.20.8 and below suffer from a cross site scripting vulnerability.
