Ovidentia 6 SQL Injection
Posted by deepcore under exploit (No Respond)
Ovidentia version 6 suffers from a remote SQL injection vulnerability.
Archive for March, 2021
Worm.Win32.Recyl.dp Insecure Permissions
Posted by deepcore under exploit (No Respond)
Worm.Win32.Recyl.dp malware suffers from an insecure permissions vulnerability.
Worm.Win32.Ngrbot.acno Insecure Permissions
Posted by deepcore under exploit (No Respond)
Worm.Win32.Ngrbot.acno malware suffers from an insecure permissions vulnerability.
Genexis Platinum-4410 P4410-V2-1.31A Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Genexis Platinum-4410 version P4410-V2-1.31A suffers from a persistent cross site scripting vulnerability.
Backdoor.Win32.DarkKomet.gozu Insecure Permissions
Posted by deepcore under exploit (No Respond)
Backdoor.Win32.DarkKomet.gozu malware suffers from an insecure permissions vulnerability.
Linksys EA7500 2.0.8.194281 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Linksys EA7500 version 2.0.8.194281 suffers from a cross site scripting vulnerability due to an old jQuery version.
FortiLogger Arbitrary File Upload
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits an unauthenticated arbitrary file upload in FortiLogger via an insecure POST request. It has been tested on versions prior to 5.2.0 in Windows 10 Enterprise.
[webapps] Moodle 3.10.3 – 'label' Persistent Cross Site Scripting
Posted by deepcore under Security (No Respond)
[webapps] Regis Inventory And Monitoring System 1.0 – 'Item List' Stored XSS
Posted by deepcore under Security (No Respond)
[webapps] GetSimple CMS Custom JS Plugin 0.1 – CSRF to Persistent XSS
Posted by deepcore under Security (No Respond)