Subscribe via feed.
Archive for June, 2021

[webapps] Atlassian Jira Server/Data Center 8.16.0 – Reflected Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

Atlassian Jira Server/Data Center 8.16.0 – Reflected Cross-Site Scripting (XSS)

Tags: ,

[webapps] WordPress Plugin YOP Polls 6.2.7 – Stored Cross Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

WordPress Plugin YOP Polls 6.2.7 – Stored Cross Site Scripting (XSS)

Tags: ,

VMware vCenter 6.5 / 6.7 / 7.0 Remote Code Execution

Posted by deepcore under exploit (No Respond)

VMware vCenter server versions 6.5, 6.7, and 7.0 unauthenticated remote code execution exploit.

Backdoor.Win32.ReverseTrojan.200 Authentication Bypass

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.ReverseTrojan.200 malware suffers from an authentication bypass vulnerability.

Trojan.Win32.SecondThought.ak Insecure Permissions

Posted by deepcore under exploit (No Respond)

Trojan.Win32.SecondThought.ak malware suffers from an insecure permissions vulnerability.

Adobe ColdFusion 8 Remote Command Execution

Posted by deepcore under exploit (No Respond)

Adobe ColdFusion 8 remote command execution exploit.

Trojan.Win32.Banpak.kh Insecure Permissions

Posted by deepcore under exploit (No Respond)

Trojan.Win32.Banpak.kh malware suffers from an insecure permissions vulnerability.

Huawei DG8045 Authentication Bypass

Posted by deepcore under exploit (No Respond)

Huawei DG8045 ships with a default password that is the last 8 character of the device’s serial number listed on the back.

TP-Link TL-WR841N Command Injection

Posted by deepcore under exploit (No Respond)

TP-Link TL-WR841N suffers from a remote command injection vulnerability.

Trojan-Dropper.Win32.Juntador.a Weak Hardcoded Password

Posted by deepcore under exploit (No Respond)

Trojan-Dropper.Win32.Juntador.a malware suffers from having a weak hardcoded password.