Subscribe via feed.
Archive for May, 2021

http://paisali.go.th/pun10.html

Posted by deepcore under defacement (No Respond)

http://paisali.go.th/pun10.html notified by Anonymous_R

Tags:

[webapps] Dental Clinic Appointment Reservation System 1.0 – Cross Site Request Forgery (Add Admin)

Posted by deepcore under Security (No Respond)

Dental Clinic Appointment Reservation System 1.0 – Cross Site Request Forgery (Add Admin)

Tags: ,

[webapps] Dental Clinic Appointment Reservation System 1.0 – 'Firstname' Persistent Cross Site Scripting (Authenticated)

Posted by deepcore under Security (No Respond)

Dental Clinic Appointment Reservation System 1.0 – ‘Firstname’ Persistent Cross Site Scripting (Authenticated)

Tags: ,

[webapps] IPFire 2.25 – Remote Code Execution (Authenticated)

Posted by deepcore under Security (No Respond)

IPFire 2.25 – Remote Code Execution (Authenticated)

Tags: ,

[webapps] Customer Relationship Management (CRM) System 1.0 – 'Category' Persistent Cross site Scripting

Posted by deepcore under Security (No Respond)

Customer Relationship Management (CRM) System 1.0 – ‘Category’ Persistent Cross site Scripting

Tags: ,

Chamilo LMS 1.11.14 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Chamilo LMS version 1.11.14 authenticated remote code execution exploit.

Podcast Generator 3.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Podcast Generator version 3.1 suffers from a persistent cross site scripting vulnerability.

Student Management System 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Student Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

Chrome Array Transfer Bypass

Posted by deepcore under exploit (No Respond)

The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and property getters.

ZeroShell 3.9.0 Remote Command Execution

Posted by deepcore under exploit (No Respond)

ZeroShell version 3.9.0 remote command execution exploit.