Archive for January, 2021

Simple Public Chat Room 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Simple Public Chat Room version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Klog Server 2.4.1 Command Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and below.

Cemetery Mapping And Information System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Cemetery Mapping and Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Original discovery of SQL injection in this version is attributed to Mesut Cetin in January of 2021.

Simple Public Chat Room 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Simple Public Chat Room version 1.0 suffers from an authenticated persistent cross site scripting vulnerability.

Oracle WebLogic Server 12.2.1.0 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Oracle WebLogic Server 12.2.1.0 unauthenticated remote code execution exploit.

Former LulzSec Hacker Releases SonicWall VPN Zero-Day

Posted by deepcore under exploit (No Respond)

[webapps] Openlitespeed Web Server 1.7.8 – Command Injection (Authenticated)

Posted by deepcore under Security (No Respond)

Openlitespeed Web Server 1.7.8 – Command Injection (Authenticated)

[webapps] STVS ProVision 5.9.10 – Cross-Site Request Forgery (Add Admin)

Posted by deepcore under Security (No Respond)

STVS ProVision 5.9.10 – Cross-Site Request Forgery (Add Admin)

[webapps] STVS ProVision 5.9.10 – File Disclosure (Authenticated)

Posted by deepcore under Security (No Respond)

STVS ProVision 5.9.10 – File Disclosure (Authenticated)

MyBB Timeline 1.0 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

MyBB Timeline plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities.