Archive for May, 2021

OpenNetAdmin 18.1.1 Remote Command Execution

Posted by deepcore under exploit (No Respond)

OpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe.

AWS CloudShell Terminal Escape Injection / Remote Code Execution

Posted by deepcore under exploit (No Respond)

The JavaScript terminal emulator used by AWS CloudShell handles certain terminal escape codes incorrectly. This can lead to remote code execution if attacker-controlled data is displayed in a CloudShell instance.

http://www.bpp1.go.th//images/fighter.gif

Posted by deepcore under defacement (No Respond)

http://www.bpp1.go.th//images/fighter.gif notified by Royal Battler BD


[local] Odoo 12.0.20190101 – 'nssm.exe' Unquoted Service Path

Posted by deepcore under Security (No Respond)

Odoo 12.0.20190101 – ‘nssm.exe’ Unquoted Service Path


[webapps] Microweber CMS 1.1.20 – Remote Code Execution (Authenticated)

Posted by deepcore under Security (No Respond)

Microweber CMS 1.1.20 – Remote Code Execution (Authenticated)


[webapps] PHP Timeclock 1.04 – 'Multiple' Cross Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

PHP Timeclock 1.04 – ‘Multiple’ Cross Site Scripting (XSS)


[local] TFTP Broadband 4.3.0.1465 – 'tftpt.exe' Unquoted Service Path

Posted by deepcore under Security (No Respond)

TFTP Broadband 4.3.0.1465 – ‘tftpt.exe’ Unquoted Service Path


[local] BOOTP Turbo 2.0.0.1253 – 'bootpt.exe' Unquoted Service Path

Posted by deepcore under Security (No Respond)

BOOTP Turbo 2.0.0.1253 – ‘bootpt.exe’ Unquoted Service Path


[local] DHCP Broadband 4.1.0.1503 – 'dhcpt.exe' Unquoted Service Path

Posted by deepcore under Security (No Respond)

DHCP Broadband 4.1.0.1503 – ‘dhcpt.exe’ Unquoted Service Path


[webapps] Human Resource Information System 0.1 – 'First Name' Persistent Cross-Site Scripting (Authenticated)

Posted by deepcore under Security (No Respond)

Human Resource Information System 0.1 – ‘First Name’ Persistent Cross-Site Scripting (Authenticated)
