2021 September

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation

Posted by deepcore under exploit (No Respond)

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.

iOS 15.0 Gamed Information Disclosure

Posted by deepcore under Apple (No Respond)

Zero day exploit for Gamed on iOS 15.0 that demonstrates information disclosure vulnerabilities.

Tags: Apple, ios, osx

iOS 15.0 nehelper Enumeration

Posted by deepcore under Apple (No Respond)

Zero day exploit for nehelper on iOS 15.0 that allows any user-installed application to determine whether any application is installed on the device given its bundle ID.

Tags: Apple, ios, osx

iOS 15.0 Nehelper Wifi Info Entitlement Check Bypass

Posted by deepcore under Apple (No Respond)

Zero day exploit for Nehelper Wifi Info on iOS 15.0. XPC endpoint com.apple.nehelper accepts user-supplied parameter sdk-version, and if its value is less than or equal to 524288, the com.apple.developer.networking.wifi-info entitlement check is skipped. This makes it possible for any qualifying application (e.g. possessing location access authorization) to gain access to Wifi information without the […]

Tags: Apple, ios, osx

[remote] Apache James Server 2.3.2 – Remote Command Execution (RCE) (Authenticated) (2)

Posted by deepcore under Security (No Respond)

Apache James Server 2.3.2 – Remote Command Execution (RCE) (Authenticated) (2)

Tags: 0day, remote exploit

[webapps] WordPress Plugin Popup 1.10.4 – Reflected Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

WordPress Plugin Popup 1.10.4 – Reflected Cross-Site Scripting (XSS)

Tags: 0day, remote exploit

[webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – 'Add Admin' Cross-Site Request Forgery (CSRF)

Posted by deepcore under Security (No Respond)

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – ‘Add Admin’ Cross-Site Request Forgery (CSRF)

Tags: 0day, remote exploit

[webapps] WordPress Plugin Ultimate Maps 1.2.4 – Reflected Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

WordPress Plugin Ultimate Maps 1.2.4 – Reflected Cross-Site Scripting (XSS)

Tags: 0day, remote exploit

[webapps] WordPress Plugin Contact Form 1.7.14 – Reflected Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

WordPress Plugin Contact Form 1.7.14 – Reflected Cross-Site Scripting (XSS)

Tags: 0day, remote exploit

[webapps] WordPress Plugin TranslatePress 2.0.8 – Stored Cross-Site Scripting (XSS) (Authenticated)

Posted by deepcore under Security (No Respond)

WordPress Plugin TranslatePress 2.0.8 – Stored Cross-Site Scripting (XSS) (Authenticated)

Tags: 0day, remote exploit

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation

iOS 15.0 Gamed Information Disclosure

iOS 15.0 nehelper Enumeration

iOS 15.0 Nehelper Wifi Info Entitlement Check Bypass

[remote] Apache James Server 2.3.2 – Remote Command Execution (RCE) (Authenticated) (2)

[webapps] WordPress Plugin Popup 1.10.4 – Reflected Cross-Site Scripting (XSS)

[webapps] FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 – 'Add Admin' Cross-Site Request Forgery (CSRF)

[webapps] WordPress Plugin Ultimate Maps 1.2.4 – Reflected Cross-Site Scripting (XSS)

[webapps] WordPress Plugin Contact Form 1.7.14 – Reflected Cross-Site Scripting (XSS)

[webapps] WordPress Plugin TranslatePress 2.0.8 – Stored Cross-Site Scripting (XSS) (Authenticated)

Tabs Switcher

Categories

Archives

Meta

BLOGROLL