Archive for January, 2021

WinAVR 20100110 Insecure Folder Permissions

Posted by deepcore under exploit (No Respond)

WinAVR version 20100110 suffers from an insecure folder permissions vulnerability.

NTLM BITS SYSTEM Token Impersonation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits BITS behavior: BITS tries to connect to the local Windows Remote Management (WinRM) server every time it starts. The module launches a fake WinRM server that listens on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the rogue WinRM server, which allows stealing a SYSTEM […]

IPS Community Suite 4.5.4 SQL Injection

Posted by deepcore under exploit (No Respond)

IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.

[webapps] CRUD Operation 1.0 – Multiple Stored XSS

Posted by deepcore under Security (No Respond)

CRUD Operation 1.0 – Multiple Stored XSS


[webapps] ECSIMAGING PACS 6.21.5 – SQL injection

Posted by deepcore under Security (No Respond)

ECSIMAGING PACS 6.21.5 – SQL injection


[webapps] iBall-Baton WRA150N Rom-0 Backup – File Disclosure (Sensitive Information)

Posted by deepcore under Security (No Respond)

iBall-Baton WRA150N Rom-0 Backup – File Disclosure (Sensitive Information)


[webapps] Curfew e-Pass Management System 1.0 – Stored XSS

Posted by deepcore under Security (No Respond)

Curfew e-Pass Management System 1.0 – Stored XSS


[webapps] Cockpit CMS 0.6.1 – Remote Code Execution

Posted by deepcore under Security (No Respond)

Cockpit CMS 0.6.1 – Remote Code Execution


[webapps] Employee Record System 1.0 – Unrestricted File Upload to Remote Code Execution

Posted by deepcore under Security (No Respond)

Employee Record System 1.0 – Unrestricted File Upload to Remote Code Execution


[webapps] ECSIMAGING PACS 6.21.5 – Remote code execution

Posted by deepcore under Security (No Respond)

ECSIMAGING PACS 6.21.5 – Remote code execution
