Moxa Command Injection / Cross Site Scripting / Vulnerable Software
Posted by deepcore under exploit (No Respond)
Many Moxa devices suffer from command injection, cross site scripting, and outdated software vulnerabilities.
Archive for September, 2021
Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation
Posted by deepcore under exploit (No Respond)
Linux kernels from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and 5.10.37 are vulnerable to a bug in the eBPF verifier’s verification of ALU32 operations in the scalar32_min_max_and function when performing AND operations, whereby under certain conditions the bounds of a 32 bit register would not be properly updated. This can be abused by attackers to […]
Packet Storm New Exploits For August, 2021
Posted by deepcore under exploit (No Respond)
This archive contains all of the 116 exploits added to Packet Storm in August, 2021.
[webapps] WPanel 4.3.1 – Remote Code Execution (RCE) (Authenticated)
Posted by deepcore under Security (No Respond)
[webapps] Compro Technology IP Camera – ' index_MJpeg.cgi' Stream Disclosure
Posted by deepcore under Security (No Respond)
[webapps] Compro Technology IP Camera – 'Multiple' Credential Disclosure
Posted by deepcore under Security (No Respond)
[webapps] Compro Technology IP Camera – RTSP stream disclosure (Unauthenticated)
Posted by deepcore under Security (No Respond)
[webapps] OpenSIS Community 8.0 – 'cp_id_miss_attn' SQL Injection
Posted by deepcore under Security (No Respond)
[webapps] Compro Technology IP Camera – 'killps.cgi' Denial-of-Service (DoS)
Posted by deepcore under Security (No Respond)
[webapps] Compro Technology IP Camera – ' mjpegStreamer.cgi' Screenshot Disclosure
Posted by deepcore under Security (No Respond)