Subscribe via feed.
Archive for March, 2021

[webapps] Concrete5 8.5.4 – 'name' Stored XSS

Posted by deepcore under Security (No Respond)

Concrete5 8.5.4 – ‘name’ Stored XSS

Tags: ,

[remote] vsftpd 3.0.3 – Remote Denial of Service

Posted by deepcore under Security (No Respond)

vsftpd 3.0.3 – Remote Denial of Service

Tags: ,

[webapps] TP-Link Devices – 'setDefaultHostname' Stored Cross-site Scripting (Unauthenticated)

Posted by deepcore under Security (No Respond)

TP-Link Devices – ‘setDefaultHostname’ Stored Cross-site Scripting (Unauthenticated)

Tags: ,

[webapps] WordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated)

Posted by deepcore under Security (No Respond)

WordPress Plugin WP Super Cache 1.7.1 – Remote Code Execution (Authenticated)

Tags: ,

[webapps] Novel Boutique House-plus 3.5.1 – Arbitrary File Download

Posted by deepcore under Security (No Respond)

Novel Boutique House-plus 3.5.1 – Arbitrary File Download

Tags: ,

Moodle Atto Editor Cross Site Scripting

Posted by deepcore under exploit (No Respond)

The Moodle Atto Editor, which does not have versions, suffers from a cross site scripting vulnerability.

Development Kamel KCFinder 1.7 Shell Upload

Posted by deepcore under exploit (No Respond)

Development Kamel KCFinder version 1.7 suffers from a remote shell upload vulnerability.

Backdoor.Win32.Kwak.12 Denial Of Service

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Kwak.12 malware suffers from a denial of service vulnerability.

Backdoor.Win32.Kwak.12 Authentication Bypass / Man-In-The-Middle

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Kwak.12 malware suffers from bypass and man-in-the-middle vulnerabilities.

GetSimple CMS Custom JS 0.1 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

GetSimple CMS Custom JS plugin version 0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.