Archive for June, 2021

[webapps] Monstra CMS 3.0.4 – Remote Code Execution (Authenticated)

Posted by deepcore under Security (No Respond)

Monstra CMS 3.0.4 – Remote Code Execution (Authenticated)


Microsoft RDP Remote Code Execution

Posted by deepcore under exploit (No Respond)

Proof of concept exploit for a remote code execution vulnerability in Microsoft’s RDP service.

GetSimple CMS 3.3.4 Information Disclosure

Posted by deepcore under exploit (No Respond)

GetSimple CMS version 3.3.4 suffers from an information disclosure vulnerability.

Apache Airflow 1.10.10 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Apache Airflow versions 1.10.10 and below suffer from a remote code execution vulnerability.

Intel Audio Service 01.00.1080.0 Unquoted Service Path

Posted by deepcore under exploit (No Respond)

Intel Audio Service version 01.00.1080.0 suffers from an unquoted service path vulnerability.

Products.PluggableAuthService 2.6.0 Open Redirect

Posted by deepcore under exploit (No Respond)

Products.PluggableAuthService version 2.6.0 suffers from an open redirection vulnerability.

Backdoor.Win32.Delf.acz Buffer Overflow

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Delf.acz malware suffers from a buffer overflow vulnerability.

Seo Panel 4.8.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Seo Panel version 4.8.0 suffers from multiple cross-site scripting vulnerabilities.

Thecus N4800Eco Command Injection

Posted by deepcore under exploit (No Respond)

Thecus N4800Eco NAS server control panel suffers from a command injection vulnerability.

Cacti 1.2.12 SQL Injection / Remote Command Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the path_php_binary value is changed within the settings table to a payload, and an update is called to execute […]