Subscribe via feed.
Archive for December, 2020

Artworks Gallery Management System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Artworks Gallery Management System version 1.0 suffers from a remote SQL injection vulnerability.

Android Studio Privilege Escalation

Posted by deepcore under exploit (No Respond)

Android Studio has an issue where a malicious project can execute a custom cmd.exe allowing for privilege escalation. Google does not believe this is an issue.

CSE Bookstore 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

CSE Bookstore version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Alper Basaran in October of 2020.

WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin W3 Total Cache version 0.9.2.6 through 0.9.3, allowing arbitrary file read with the web server privileges.

Webmin 1.962 Remote Command Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the Package Updates module can execute arbitrary commands with root privileges. It emerged by circumventing the measure taken for CVE-2019-12840.

Library Management System 3.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Library Management System version 3.0 suffers from a persistent cross site scripting vulnerability.

Multi Branch School Management System 3.5 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Multi Branch School Management System version 3.5 suffers from a persistent cross site scripting vulnerability.

Linux TIOCSPGRP Broken Locking

Posted by deepcore under exploit (No Respond)

Linux suffers from broken locking in TIOCSPGRP that can lead to a corrupted refcount.

[webapps] Baby Care System 1.0 – 'roleid' SQL Injection

Posted by deepcore under Security (No Respond)

Baby Care System 1.0 – ‘roleid’ SQL Injection

Tags: ,

[webapps] TerraMaster TOS 4.2.06 – Unauthenticated Remote Code Execution (Metasploit)

Posted by deepcore under Security (No Respond)

TerraMaster TOS 4.2.06 – Unauthenticated Remote Code Execution (Metasploit)

Tags: ,