Archive for September, 2021

[webapps] Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated)

Posted by deepcore under Security (No Respond)


Microsoft Windows MSHTML Overview

Posted by deepcore under exploit (No Respond)

This article discusses the CVE-2021-40444 vulnerability and an alternative path that reduces the amount of JS code needed to trigger the issue and does not require CAB archives.

http://chaleang.go.th/er.php

Posted by deepcore under defacement (No Respond)

http://chaleang.go.th/er.php notified by LahBodoAmat


[webapps] Budget and Expense Tracker System 1.0 – Authenticated Bypass

Posted by deepcore under Security (No Respond)


[webapps] Church Management System 1.0 – Remote Code Execution (RCE) (Unauthenticated)

Posted by deepcore under Security (No Respond)


[webapps] Online Food Ordering System 2.0 – Remote Code Execution (RCE) (Unauthenticated)

Posted by deepcore under Security (No Respond)


[webapps] WordPress 5.7 – 'Media Library' XML External Entity Injection (XXE) (Authenticated)

Posted by deepcore under Security (No Respond)


[webapps] Church Management System 1.0 – 'search' SQL Injection (Unauthenticated)

Posted by deepcore under Security (No Respond)


[webapps] T-Soft E-Commerce 4 – change 'admin credentials' Cross-Site Request Forgery (CSRF)

Posted by deepcore under Security (No Respond)


Simple Attendance System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Simple Attendance System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.