Archive for July, 2021

[webapps] Webmin 1.973 – Cross-Site Request Forgery (CSRF)

Posted by deepcore under Security (No Respond)


[webapps] Garbage Collection Management System 1.0 – SQL Injection + Arbitrary File Upload

Posted by deepcore under Security (No Respond)


[webapps] OpenEMR 5.0.1.3 – 'manage_site_files' Remote Code Execution (Authenticated) (2)

Posted by deepcore under Security (No Respond)


[webapps] Invoice System 1.0 – 'Multiple' Stored Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)


[webapps] Apache Tomcat 9.0.0.M1 – Open Redirect

Posted by deepcore under Security (No Respond)


[webapps] WordPress Plugin WPFront Notification Bar 1.9.1.04012 – Stored Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)


[webapps] Apache Tomcat 9.0.0.M1 – Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)


Zoo Management System 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Zoo Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

Church Management System 1.0 Shell Upload / SQL Injection

Posted by deepcore under exploit (No Respond)

Church Management System version 1.0 shell upload exploit that leverages SQL injection.

Polkit D-Bus Authentication Bypass

Posted by deepcore under exploit (No Respond)

A vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a method over D-Bus and kills the client process. This will occasionally cause the operation to complete without being subjected to all of the necessary […]