Archive for August, 2021

BSCW Server Remote Code Execution

Posted by deepcore under exploit (No Responses)

BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an authenticated remote code execution vulnerability.

[webapps] WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated)

Posted by deepcore under Security (No Responses)

WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated)

[webapps] Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated)

Posted by deepcore under Security (No Responses)

Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated)

[webapps] Projectsend r1295 – 'name' Stored XSS

Posted by deepcore under Security (No Responses)

Projectsend r1295 – ‘name’ Stored XSS

[webapps] Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated)

Posted by deepcore under Security (No Responses)

Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated)

[webapps] Strapi 3.0.0-beta – Set Password (Unauthenticated)

Posted by deepcore under Security (No Responses)

Strapi 3.0.0-beta – Set Password (Unauthenticated)

[local] MySQL User-Defined (Linux) x32 / x86_64 – 'sys_exec' Local Privilege Escalation (2)

Posted by deepcore under Security (No Responses)

MySQL User-Defined (Linux) x32 / x86_64 – ‘sys_exec’ Local Privilege Escalation (2)

[webapps] Usermin 1.820 – Remote Code Execution (RCE) (Authenticated)

Posted by deepcore under Security (No Responses)

Usermin 1.820 – Remote Code Execution (RCE) (Authenticated)

[webapps] Bus Pass Management System 1.0 – 'viewid' SQL Injection

Posted by deepcore under Security (No Responses)

Bus Pass Management System 1.0 – ‘viewid’ SQL Injection

[webapps] Strapi CMS 3.0.0-beta.17.4 – Remote Code Execution (RCE) (Unauthenticated)

Posted by deepcore under Security (No Responses)

Strapi CMS 3.0.0-beta.17.4 – Remote Code Execution (RCE) (Unauthenticated)
