Archive for June, 2021

GravCMS 1.10.7 Arbitrary YAML Write / Update

Posted by deepcore under exploit

GravCMS version 1.10.7 unauthenticated arbitrary YAML write/update exploit. This is a variant exploit of the original discovery made by Mehmet Ince in April of 2021.

NSClient++ 0.5.2.35 Remote Code Execution

Posted by deepcore under exploit

This Metasploit module allows an attacker with knowledge of the admin password of NSClient++ to start a privileged shell. For this module to work, both the web interface of NSClient++ and the ExternalScripts feature should be enabled.

[dos] n+otes 1.6.2 – Denial of Service (PoC)

Posted by deepcore under Security

n+otes 1.6.2 – Denial of Service (PoC)


[dos] Sticky Notes Widget Version 3.0.6 – Denial of Service (PoC)

Posted by deepcore under Security

Sticky Notes Widget Version 3.0.6 – Denial of Service (PoC)


[local] memono Notepad Version 4.2 – Denial of Service (PoC)

Posted by deepcore under Security

memono Notepad Version 4.2 – Denial of Service (PoC)


[webapps] Student Result Management System 1.0 – 'class' SQL Injection

Posted by deepcore under Security

Student Result Management System 1.0 – ‘class’ SQL Injection


[webapps] TextPattern CMS 4.8.7 – Stored Cross-Site Scripting (XSS)

Posted by deepcore under Security

TextPattern CMS 4.8.7 – Stored Cross-Site Scripting (XSS)


Backdoor.Win32.Wuca.nz Insecure Permissions

Posted by deepcore under exploit

Backdoor.Win32.Wuca.nz malware suffers from an insecure permissions vulnerability.

Intelbras Router RF 301K Cross Site Request Forgery

Posted by deepcore under exploit

Intelbras Router RF 301K with firmware versions 1.1.2 through 1.1.5 suffers from a cross site request forgery vulnerability.

OpenCart 3.0.3.7 Cross Site Request Forgery

Posted by deepcore under exploit

OpenCart version 3.0.3.7 suffers from a cross site request forgery vulnerability.