WordPress Good LMS 2.1.4 SQL Injection
Posted by deepcore under exploit (No Respond)
WordPress Good LMS plugin versions 2.1.4 and below suffer from a remote SQL injection vulnerability.
Archive for November, 2020
SaltStack Salt REST API Arbitrary Command Execution
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt’s REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5, 2019.2.5, 2019.2.6, 3000.3, 3000.4, 3001.1, 3001.2, and 3002. Tested against 2019.2.3 from Vulhub and 3002 […]
http://www.sskh.moph.go.th
Posted by deepcore under defacement (No Respond)
http://www.sskh.moph.go.th notified by Al Catraz
Tags: defacement[webapps] OpenCart Theme Journal 3.1.0 – Sensitive Data Exposure
Posted by deepcore under Security (No Respond)
[local] IDT PC Audio 1.0.6425.0 – 'STacSV' Unquoted Service Path
Posted by deepcore under Security (No Respond)
[local] SAntivirus IC 10.0.21.61 – 'SAntivirusIC' Unquoted Service Path
Posted by deepcore under Security (No Respond)
[local] DigitalPersona 5.1.0.656 'DpHostW' – Unquoted Service Path
Posted by deepcore under Security (No Respond)
[webapps] Apache Tomcat – AJP 'Ghostcat' File Read/Inclusion (Metasploit)
Posted by deepcore under Security (No Respond)
[webapps] Touchbase.io 1.10 – Stored Cross Site Scripting
Posted by deepcore under Security (No Respond)
