Archive for January, 2021
Posted by deepcore under Security (No Respond)
[webapps] CASAP Automated Enrollment System 1.0 – 'route' Stored XSS
Posted by deepcore under Security (No Respond)
[webapps] CASAP Automated Enrollment System 1.0 – 'First Name' Stored XSS
Posted by deepcore under Security (No Respond)
[webapps] MyBB Timeline Plugin 1.0 – Cross-Site Scripting / CSRF
Posted by deepcore under Security (No Respond)
[webapps] Collabtive 3.1 – 'address' Persistent Cross-Site Scripting
Posted by deepcore under Security (No Respond)
http://www.chaisatarn.go.th/Vz.txt
Posted by deepcore under defacement (No Respond)
http://www.chaisatarn.go.th/Vz.txt notified by VenoRyan
Tags: defacement
Oracle WebLogic Server 14.1.1.0 Remote Code Execution
Posted by deepcore under exploit (No Respond)
Oracle WebLogic Server version 14.1.1.0 authenticated remote code execution exploit.
Selea Targa IP OCR-ANPR Camera Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Selea Targa IP OCR-ANPR Camera suffers from a persistent cross site scripting vulnerability. Multiple versions and firmwares are affected.
Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite
Posted by deepcore under exploit (No Respond)
Selea Targa IP OCR-ANPR Camera has a hard-coded password for a hidden and undocumented /dev.html page that lets the vendor upload or overwrite configuration on the affected device using the checkManufacturer() function through an AJAX method. Multiple versions and firmwares are affected.
CASAP Automated Enrollment System 1.0 Authentication Bypass
Posted by deepcore under exploit (No Respond)
CASAP Automated Enrollment System version 1.0 suffers from an authentication bypass vulnerability.