Archive for April, 2021

WordPress Photo Gallery 1.5.69 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Photo Gallery plugin versions 1.5.69 and below suffer from multiple reflective cross site scripting vulnerabilities.

xscreensaver Raw Socket Leak

Posted by deepcore under exploit (No Respond)

xscreensaver suffers from a raw socket leak vulnerability. Proof of concept exploit demonstrates running tcpdump via this issue.

Nagios XI 5.7.3 Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits CVE-2020-5791, an OS command injection vulnerability on Nagios XI versions 5.6.0 through 5.7.3 in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data user.

Trojan.Win32.Agent.hsm Insecure Permissions

Posted by deepcore under exploit (No Respond)

Trojan.Win32.Agent.hsm malware suffers from an insecure permissions vulnerability.

http://plc.go.th

Posted by deepcore under defacement (No Respond)

http://plc.go.th notified by Family Attack Cyber

glFTPd 2.11a Denial Of Service

Posted by deepcore under exploit (No Respond)

glFTPd version 2.11a remote denial of service exploit.

GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution

Posted by deepcore under exploit (No Respond)

GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to remote code execution exploit.

[webapps] GetSimple CMS My SMTP Contact Plugin 1.1.1 – CSRF to RCE

Posted by deepcore under Security (No Respond)

GetSimple CMS My SMTP Contact Plugin 1.1.1 – CSRF to RCE

Native Church Website 1.0 Shell Upload

Posted by deepcore under exploit (No Respond)

Native Church Website version 1.0 suffers from a remote shell upload vulnerability.

Simple Student Information System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Simple Student Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.