Archive for April, 2021

Backdoor.Win32.Agent.afq Directory Traversal

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Agent.afq malware suffers from a directory traversal vulnerability.

Backdoor.Win32.Agent.afq Heap Corruption

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Agent.afq malware suffers from a heap corruption vulnerability.

Android NFC Stack Out-Of-Bounds Write

Posted by deepcore under exploit (No Respond)

Android suffers from an out-of-bounds write in the NFC stack when handling MIFARE Classic TLVs.

PFSense 2.5.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

PFSense version 2.5.0 suffers from a persistent cross site scripting vulnerability.

[webapps] FOGProject 1.5.9 – File Upload RCE (Authenticated)

Posted by deepcore under Security (No Respond)

FOGProject 1.5.9 – File Upload RCE (Authenticated)

[webapps] Cacti 1.2.12 – 'filter' SQL Injection / Remote Code Execution

Posted by deepcore under Security (No Respond)

Cacti 1.2.12 – ‘filter’ SQL Injection / Remote Code Execution

http://mhkpeo.go.th/er.php

Posted by deepcore under defacement (No Respond)

http://mhkpeo.go.th/er.php notified by LahBodoAmat

[webapps] Kirby CMS 3.5.3.1 – 'file' Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

Kirby CMS 3.5.3.1 – ‘file’ Cross-Site Scripting (XSS)

Montiorr 1.7.6m Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Montiorr version 1.7.6m suffers from a cross site scripting vulnerability via a file upload.

Apache Druid 0.20.0 Remote Command Execution

Posted by deepcore under exploit (No Respond)

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript code-execution feature and executes the supplied code all at once, allowing for code […]