[webapps] Teachers Record Management System 1.0 – 'searchteacher' SQL Injection
Posted by deepcore under Security (No Respond)
Archive for February, 2021
[webapps] TestLink 1.9.20 – Unrestricted File Upload (Authenticated)
Posted by deepcore under Security (No Respond)
http://www.phayumoph.go.th/nkri.txt
Posted by deepcore under defacement (No Respond)
http://www.phayumoph.go.th/nkri.txt notified by Xyp3r2667
Tags: defacementhttp://bkpw.go.th/nkri.txt
Posted by deepcore under defacement (No Respond)
http://bkpw.go.th/nkri.txt notified by Xyp3r2667
Tags: defacementhttps://maeteep-ngao.go.th/nkri.txt
Posted by deepcore under defacement (No Respond)
https://maeteep-ngao.go.th/nkri.txt notified by Xyp3r2667
Tags: defacementPDFCOMPLETE Corporate Edition 4.1.45 Unquoted Service Path
Posted by deepcore under exploit (No Respond)
PDFCOMPLETE Corporate Edition version 4.1.45 suffers from an unquoted service path vulnerability.
School File Management System 1.0 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
School File Management System version 1.0 suffers from multiple cross site scripting vulnerabilities.
School Event Attendance Monitoring System 1.0 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
School Event Attendance Monitoring System version 1.0 suffers from a persistent cross site scripting vulnerability.
SolarWinds Serv-U FTP Server 15.2.1 Path Traversal
Posted by deepcore under exploit (No Respond)
SolarWinds Serv-U File Server versions through 15.2.1 do not correctly validate path information, allowing the disclosure of files and directories outside of the user’s home directory via a specially crafted GET request.
SolarWinds Serv-U FTP Server 15.2.1 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
SolarWinds Serv-U FTP Server versions through 15.2.1 do not correctly sanitize and validate the user-supplied directory names, allowing malicious users to create directories that when clicked on (in the breadcrumb menu) will trigger cross site scripting payloads.