Archive for January, 2021

Online Movie Streaming 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Online Movie Streaming version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

PLANEX CS-QP50F-ING2 Remote Configuration Disclosure

Posted by deepcore under exploit (No Respond)

PLANEX CS-QP50F-ING2 security surveillance smart camera remote configuration disclosure exploit.

Node.js TLSWrap Use-After-Free

Posted by deepcore under exploit (No Respond)

Node version 14.11.0 is vulnerable to a use-after-free bug in its TLS implementation.

SpamTitan 7.07 Command Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits improper input sanitization in SpamTitan versions 7.01, 7.02, 7.03 and 7.07 to inject command directives into the SNMP configuration file and gain remote code execution as root. Note that only version 7.03 requires authentication; versions 7.01, 7.02 and 7.07 require none.

[local] PaperStream IP (TWAIN) 1.42.0.5685 – Local Privilege Escalation

Posted by deepcore under Security (No Respond)

PaperStream IP (TWAIN) 1.42.0.5685 – Local Privilege Escalation


[local] WinAVR Version 20100110 – Insecure Folder Permissions

Posted by deepcore under Security (No Respond)

WinAVR Version 20100110 – Insecure Folder Permissions


[webapps] Newgen Correspondence Management System (corms) eGov 12.0 – IDOR

Posted by deepcore under Security (No Respond)

Newgen Correspondence Management System (corms) eGov 12.0 – IDOR


[webapps] Advanced Webhost Billing System 3.7.0 – Cross-Site Request Forgery (CSRF)

Posted by deepcore under Security (No Respond)

Advanced Webhost Billing System 3.7.0 – Cross-Site Request Forgery (CSRF)


[webapps] WordPress Plugin WP24 Domain Check 1.6.2 – 'fieldnameDomain' Stored Cross Site Scripting

Posted by deepcore under Security (No Respond)

WordPress Plugin WP24 Domain Check 1.6.2 – ‘fieldnameDomain’ Stored Cross Site Scripting


[webapps] Responsive E-Learning System 1.0 – Stored Cross Site Scripting

Posted by deepcore under Security (No Respond)

Responsive E-Learning System 1.0 – Stored Cross Site Scripting
