Archive for August, 2021

GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution

Posted by deepcore under exploit

GeoVision Geowebserver versions 5.3.3 and below suffer from code execution, cross-site request forgery, cross-site scripting, HTML injection, and local file inclusion vulnerabilities.

Lucee Administrator imgProcess.cfm Arbitrary File Write

Posted by deepcore under exploit

This Metasploit module exploits an arbitrary file write in Lucee Administrator’s imgProcess.cfm file to execute commands as the Tomcat user.

[remote] crossfire-server 1.9.0 – 'SetUp()' Remote Buffer Overflow

Posted by deepcore under Security

crossfire-server 1.9.0 – ‘SetUp()’ Remote Buffer Overflow

[webapps] Simple Image Gallery 1.0 – Remote Code Execution (RCE) (Unauthenticated)

Posted by deepcore under Security

Simple Image Gallery 1.0 – Remote Code Execution (RCE) (Unauthenticated)

[webapps] COVID19 Testing Management System 1.0 – 'Multiple' SQL Injections

Posted by deepcore under Security

COVID19 Testing Management System 1.0 – ‘Multiple’ SQL Injections

[webapps] Crime records Management System 1.0 – 'Multiple' SQL Injection (Authenticated)

Posted by deepcore under Security

Crime records Management System 1.0 – ‘Multiple’ SQL Injection (Authenticated)

Tiny Java Web Server 1.115 Cross Site Scripting

Posted by deepcore under exploit

Tiny Java Web Server and Servlet Container versions 1.115 and below suffer from a cross-site scripting vulnerability.

Firebase PHP-JWT Algorithm Confusion

Posted by deepcore under exploit

Firebase’s PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.

CentOS Web Panel 0.9.8.1081 Cross Site Scripting

Posted by deepcore under exploit

CentOS Web Panel version 0.9.8.1081 suffers from a persistent cross-site scripting vulnerability.