Backdoor.Win32.WinterLove.i Hardcoded Credential
Posted by deepcore under exploit (No Respond)
Backdoor.Win32.WinterLove.i malware suffers from a hardcoded credential vulnerability.
Archive for September, 2021
ECOA Building Automation System Arbitrary File Deletion
Posted by deepcore under exploit (No Respond)
ECOA building automation systems suffer from an arbitrary file deletion vulnerability. Many versions are affected.
Internet Explorer JIT Optimization Memory Corruption
Posted by deepcore under exploit (No Respond)
Internet Explorer suffers from an issue where incorrect JIT optimization in jscript9.dll leads to memory corruption.
Atlassian Confluence WebWork OGNL Injection
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits an OGNL injection in Atlassian Confluence’s WebWork component to execute commands as the Tomcat user.
https://spm-sk.go.th
Posted by deepcore under defacement (No Respond)
https://spm-sk.go.th notified by Panataran
Tags: defacementhttps://www.nkpthospital.go.th/readme.html
Posted by deepcore under defacement (No Respond)
https://www.nkpthospital.go.th/readme.html notified by ./G1L4N6_ST86
Tags: defacementWordPress TablePress 1.14 CSV Injection
Posted by deepcore under exploit (No Respond)
WordPress TablePress plugin version 1.14 suffers from a csv injection vulnerability.
Rencode Denial Of Service
Posted by deepcore under exploit (No Respond)
The Rencode python module for object serialization suffers from a 3-byte denial of service vulnerability.
Ionic Identity Vault 4.7 Android Biometric Authentication Bypass
Posted by deepcore under exploit (No Respond)
Ionic Identity Vault versions 4.7 and below suffer from a biometric authentication bypass vulnerability on Android.
[webapps] Bus Pass Management System 1.0 – 'adminname' Stored Cross-Site Scripting (XSS)
Posted by deepcore under Security (No Respond)
Bus Pass Management System 1.0 – ‘adminname’ Stored Cross-Site Scripting (XSS)
Tags: 0day, remote exploit