Backdoor.Win32.Cafeini.08.b Missing Authentication
Posted by deepcore under exploit (No Respond)
Backdoor.Win32.Cafeini.08.b malware suffers from a missing authentication vulnerability.
Archive for February, 2021
Klog Server 2.4.1 Command Injection
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.
Micro Focus Operations Bridge Manager Local Privilege Escalation
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits an insecure permission vulnerability on a folder in Micro Focus Operations Bridge Manager. An unprivileged user (such as Guest) can drop a JSP file in an exploded WAR directory and then access it without authentication by making a request to the OBM server. This will result in automatic code execution as […]
[dos] Nsauditor 3.2.2.0 – 'Event Description' Denial of Service (PoC)
Posted by deepcore under Security (No Respond)
[dos] AgataSoft PingMaster Pro 2.1 – Denial of Service (PoC)
Posted by deepcore under Security (No Respond)
[dos] Managed Switch Port Mapping Tool 2.85.2 – Denial of Service (PoC)
Posted by deepcore under Security (No Respond)
[webapps] Online Internship Management System 1.0 – 'email' SQL injection Auth Bypass
Posted by deepcore under Security (No Respond)
Online Internship Management System 1.0 – ’email’ SQL injection Auth Bypass
Tags: 0day, remote exploit[webapps] BlackCat CMS 1.3.6 – 'Display name' Cross Site Scripting (XSS)
Posted by deepcore under Security (No Respond)
http://www.huaitoei.go.th/nkri.txt
Posted by deepcore under defacement (No Respond)
http://www.huaitoei.go.th/nkri.txt notified by Xyp3r2667
Tags: defacement[local] Tasks 9.7.3 – Insecure Permissions
Posted by deepcore under Security (No Respond)