Archive for April, 2021

WordPress WPGraphQL 1.3.5 Denial Of Service

Posted by deepcore under exploit

WordPress WPGraphQL plugin version 1.3.5 suffers from a denial of service vulnerability.

VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution

Posted by deepcore under exploit

This Metasploit module exploits a pre-auth server-side request forgery (CVE-2021-21975) and post-auth file write (CVE-2021-21983) in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the /casa/private/config/slice/ha/certificate endpoint. Code execution occurs as the “admin” Unix user.

Kimai 1.14 CSV Injection

Posted by deepcore under exploit

Kimai version 1.14 suffers from a CSV injection vulnerability.

[dos] WordPress Plugin WPGraphQL 1.3.5 – Denial of Service

Posted by deepcore under Security

WordPress Plugin WPGraphQL 1.3.5 – Denial of Service


[webapps] Monitorr 1.7.6m – File Upload to XSS

Posted by deepcore under Security

Monitorr 1.7.6m – File Upload to XSS


[webapps] Kimai 1.14 – CSV Injection

Posted by deepcore under Security

Kimai 1.14 – CSV Injection


Worm.Win32.Busan.k Insecure Transit

Posted by deepcore under exploit

Worm.Win32.Busan.k malware suffers from an insecure transit vulnerability.

Windows 10 Wi-Fi Drivers For Intel Wireless Adapters 22.30.0 Privilege Escalation

Posted by deepcore under exploit

Windows 10 Wi-Fi Drivers For Intel Wireless Adapters version 22.30.0 suffer from a privilege escalation vulnerability.

SEO Panel 4.8.0 SQL Injection

Posted by deepcore under exploit

SEO Panel version 4.8.0 remote blind SQL injection exploit. Original discovery in this version is attributed to Piyush Patil in February of 2021.

OpenPLC 3 Remote Code Execution

Posted by deepcore under exploit

OpenPLC version 3 authenticated remote code execution exploit.