Archive for April, 2021

OTRS 6.0.1 Remote Command Execution

Posted by deepcore under exploit (No Respond)

OTRS version 6.0.1 remote command execution exploit.

Packed.Win32.Black.d Unauthenticated Open Proxy

Posted by deepcore under exploit (No Respond)

Packed.Win32.Black.d malware has an unauthenticated open proxy vulnerability.

BMD BMDWeb 2.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

BMD BMDWeb 2.0 versions prior to 24.01.21 suffer from persistent cross site scripting vulnerabilities.

[webapps] CMS Made Simple 2.2.15 – 'title' Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

CMS Made Simple 2.2.15 – ‘title’ Cross-Site Scripting (XSS)

[webapps] OTRS 6.0.1 – Remote Command Execution (2)

Posted by deepcore under Security (No Respond)

OTRS 6.0.1 – Remote Command Execution (2)

Cisco RV Authentication Bypass / Code Execution

Posted by deepcore under exploit (No Respond)

Cisco RV-series routers suffer from an authentication bypass vulnerability. The RV34X series are also affected by a command injection vulnerability in the sessionid cookie, when requesting the /upload endpoint. A combination of these issues would allow any person who is able to communicate with the web interface to run arbitrary system commands on the router […]

Phone Shop Sales Management System 1.0 Shell Upload

Posted by deepcore under exploit (No Respond)

Phone Shop Sales Management System version 1.0 suffers from a remote shell upload vulnerability.

Fibaro Home Center MITM / Missing Authentication / Code Execution

Posted by deepcore under exploit (No Respond)

Fibaro Home Center Light and Fibaro Home Center 2 versions 4.600 and below suffer from man-in-the-middle, missing authentication, remote command execution, and missing encryption vulnerabilities.

Microsoft DiagHub Privilege Escalation

Posted by deepcore under exploit (No Respond)

Microsoft DiagHub suffers from a privilege escalation vulnerability.

Discourse 2.7.0 2FA Bypass

Posted by deepcore under exploit (No Respond)

Discourse version 2.7.0 suffers from a 2FA bypass via a rate limiting bypass vulnerability.