2021 October

VMware vCenter Server Analytics (CEIP) Service File Upload

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a file upload in VMware vCenter Server’s analytics/telemetry (CEIP) service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default.

[webapps] Online Employees Work From Home Attendance System 1.0 – SQLi Authentication Bypass

Posted by deepcore under Security (No Respond)

Online Employees Work From Home Attendance System 1.0 – SQLi Authentication Bypass

Tags: 0day, remote exploit

[webapps] Online Enrollment Management System 1.0 – Authentication Bypass

Posted by deepcore under Security (No Respond)

Online Enrollment Management System 1.0 – Authentication Bypass

Tags: 0day, remote exploit

[webapps] Simple Online College Entrance Exam System 1.0 – Account Takeover

Posted by deepcore under Security (No Respond)

Simple Online College Entrance Exam System 1.0 – Account Takeover

Tags: 0day, remote exploit

[webapps] Simple Online College Entrance Exam System 1.0 – Unauthenticated Admin Creation

Posted by deepcore under Security (No Respond)

Simple Online College Entrance Exam System 1.0 – Unauthenticated Admin Creation

Tags: 0day, remote exploit

[webapps] WordPress Plugin Pie Register 3.7.1.4 – Admin Privilege Escalation (Unauthenticated)

Posted by deepcore under Security (No Respond)

WordPress Plugin Pie Register 3.7.1.4 – Admin Privilege Escalation (Unauthenticated)

Tags: 0day, remote exploit

[webapps] django-unicorn 0.35.3 – Stored Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

django-unicorn 0.35.3 – Stored Cross-Site Scripting (XSS)

Tags: 0day, remote exploit

[webapps] Maian-Cart 3.8 – Remote Code Execution (RCE) (Unauthenticated)

Posted by deepcore under Security (No Respond)

Maian-Cart 3.8 – Remote Code Execution (RCE) (Unauthenticated)

Tags: 0day, remote exploit

[webapps] IFSC Code Finder Project 1.0 – SQL injection (Unauthenticated)

Posted by deepcore under Security (No Respond)

IFSC Code Finder Project 1.0 – SQL injection (Unauthenticated)

Tags: 0day, remote exploit

[webapps] Online Traffic Offense Management System 1.0 – Privilage escalation (Unauthenticated)

Posted by deepcore under Security (No Respond)

Online Traffic Offense Management System 1.0 – Privilage escalation (Unauthenticated)

Tags: 0day, remote exploit

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

VMware vCenter Server Analytics (CEIP) Service File Upload

[webapps] Online Employees Work From Home Attendance System 1.0 – SQLi Authentication Bypass

[webapps] Online Enrollment Management System 1.0 – Authentication Bypass

[webapps] Simple Online College Entrance Exam System 1.0 – Account Takeover

[webapps] Simple Online College Entrance Exam System 1.0 – Unauthenticated Admin Creation

[webapps] WordPress Plugin Pie Register 3.7.1.4 – Admin Privilege Escalation (Unauthenticated)

[webapps] django-unicorn 0.35.3 – Stored Cross-Site Scripting (XSS)

[webapps] Maian-Cart 3.8 – Remote Code Execution (RCE) (Unauthenticated)

[webapps] IFSC Code Finder Project 1.0 – SQL injection (Unauthenticated)

[webapps] Online Traffic Offense Management System 1.0 – Privilage escalation (Unauthenticated)

Tabs Switcher

BLOGROLL

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Tabs Switcher

BLOGROLL