[webapps] GetSimple CMS 3.3.4 – Information Disclosure
Posted by deepcore under Security (No Respond)
Archive for June, 2021
[webapps] Apache Airflow 1.10.10 – 'Example Dag' Remote Code Execution
Posted by deepcore under Security (No Respond)
Korenix CSRF / Backdoor Accounts / Command Injection / Missing Authentication
Posted by deepcore under exploit (No Respond)
Multiple Korenix products are affected by unauthenticated device administration, backdoor accounts, cross site request forgery, unauthenticated tftp actions, and command injection vulnerabilities. Products affected include JetNet 5428G-20SFP, JetNet 5810G, JetNet 4706F, JetNet 4706, JetNet 4706, JetNet 4510, JetNet 5010, JetNet 5310, and JetNet 6095.
Trojan.Win32.Scar.dulk Insecure Permissions
Posted by deepcore under exploit (No Respond)
Trojan.Win32.Scar.dulk malware suffers from an insecure permissions vulnerability.
Backdoor.Win32.NerTe.772 Authentication Bypass / Code Execution
Posted by deepcore under exploit (No Respond)
Backdoor.Win32.NerTe.772 malware suffers from bypass and code execution vulnerabilities.
Backdoor.Win32.NerTe.772 Code Execution
Posted by deepcore under exploit (No Respond)
Backdoor.Win32.NerTe.772 malware suffers from a code execution vulnerability.
Backdoor.Win32.Netbus.12 Information Disclosure
Posted by deepcore under exploit (No Respond)
Backdoor.Win32.Netbus.12 malware suffers from an information leakage vulnerability.
Backdoor.Win32.NetControl2.293 Code Execution
Posted by deepcore under exploit (No Respond)
Backdoor.Win32.NetControl2.293 malware suffers from a code execution vulnerability.
Backdoor.Win32.Whirlpool.a Buffer Overflow
Posted by deepcore under exploit (No Respond)
Backdoor.Win32.Whirlpool.a malware suffers from a buffer overflow vulnerability.
PHP 8.1.0-dev Backdoor Remote Command Execution
Posted by deepcore under exploit (No Respond)
PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor.