Archive for June, 2021

[webapps] Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated)

Posted by deepcore under Security (No Respond)

Grav CMS 1.7.10 – Server-Side Template Injection (SSTI) (Authenticated)

[webapps] Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated)

Posted by deepcore under Security (No Respond)

Rocket.Chat 3.12.1 – NoSQL Injection to RCE (Unauthenticated)

[local] IcoFX 2.6 – '.ico' Buffer Overflow SEH + DEP Bypass using JOP

Posted by deepcore under Security (No Respond)

IcoFX 2.6 – ‘.ico’ Buffer Overflow SEH + DEP Bypass using JOP

[webapps] WordPress Plugin Smart Slider-3 3.5.0.8 – 'name' Stored Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

WordPress Plugin Smart Slider-3 3.5.0.8 – ‘name’ Stored Cross-Site Scripting (XSS)

[webapps] OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 – Remote Code Execution (Authenticated)

Posted by deepcore under Security (No Respond)

OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 – Remote Code Execution (Authenticated)

[dos] Sticky Notes & Color Widgets 1.4.2 – Denial of Service (PoC)

Posted by deepcore under Security (No Respond)

Sticky Notes & Color Widgets 1.4.2 – Denial of Service (PoC)

FileCOPA FTP Server 1.01 Denial Of Service

Posted by deepcore under exploit (No Respond)

FileCOPA FTP Server version 1.01 denial of service exploit.

HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration

Posted by deepcore under exploit (No Respond)

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 suffer from a user enumeration vulnerability.

HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover

Posted by deepcore under exploit (No Respond)

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user’s email address needed.

HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover

Posted by deepcore under exploit (No Respond)

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user’s email address needed.