[webapps] Moodle 3.9 – Remote Code Execution (RCE) (Authenticated)
Posted by deepcore under Security (No Respond)
Archive for August, 2021
http://www.kuangrod.go.th
Posted by deepcore under defacement (No Respond)
http://www.kuangrod.go.th notified by sh007
Tags: defacementqdPM 9.2 Information Disclosure
Posted by deepcore under exploit (No Respond)
qdPM version 9.2 discloses the password and connection string for the database in an internet-accessible file.
Hotel Management System 1.0 Cross Site Scripting / Shell Upload
Posted by deepcore under exploit (No Respond)
Hotel Management System version 1.0 exploit that leverages a blind cross site scripting attack against the admin to have a reverse PHP shell uploaded.
[webapps] ApacheOfBiz 17.12.01 – Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
Posted by deepcore under Security (No Respond)
ApacheOfBiz 17.12.01 – Remote Command Execution (RCE) via Unsafe Deserialization of XMLRPC arguments
Tags: 0day, remote exploit[webapps] qdPM 9.2 – DB Connection String and Password Exposure (Unauthenticated)
Posted by deepcore under Security (No Respond)
[webapps] qdPM 9.1 – Remote Code Execution (RCE) (Authenticated)
Posted by deepcore under Security (No Respond)
[webapps] WordPress Plugin WP Customize Login 1.1 – 'Change Logo Title' Stored Cross-Site Scripting (XSS)
Posted by deepcore under Security (No Respond)
WordPress Plugin WP Customize Login 1.1 – ‘Change Logo Title’ Stored Cross-Site Scripting (XSS)
Tags: 0day, remote exploit[webapps] Client Management System 1.1 – 'cname' Stored Cross-site scripting (XSS)
Posted by deepcore under Security (No Respond)
https://rayonghospital.go.th/pwn.htm
Posted by deepcore under defacement (No Respond)
https://rayonghospital.go.th/pwn.htm notified by Toro
Tags: defacement