Archive for November, 2021

[webapps] orangescrum 1.8.0 – 'Multiple' Cross-Site Scripting (XSS) (Authenticated)

Posted by deepcore under Security (No Responses)

orangescrum 1.8.0 – ‘Multiple’ Cross-Site Scripting (XSS) (Authenticated)


[webapps] orangescrum 1.8.0 – Privilege escalation (Authenticated)

Posted by deepcore under Security (No Responses)

orangescrum 1.8.0 – Privilege escalation (Authenticated)


Gerdab.ir SQL Injection

Posted by deepcore under exploit (No Responses)

Gerdab.ir suffers from a remote SQL injection vulnerability.

Bagisto 1.3.3 Client-Side Template Injection

Posted by deepcore under exploit (No Responses)

Bagisto version 1.3.3 suffers from a client-side template injection vulnerability.

Backdoor.Win32.Coredoor.10.a Authentication Bypass / Code Execution

Posted by deepcore under exploit (No Responses)

Backdoor.Win32.Coredoor.10.a malware suffers from authentication bypass and code execution vulnerabilities.

Email-Worm.Win32.Deltad Insecure Permissions

Posted by deepcore under exploit (No Responses)

Email-Worm.Win32.Deltad malware suffers from an insecure permissions vulnerability.

Backdoor.Win32.Coredoor.10.a Man-In-The-Middle

Posted by deepcore under exploit (No Responses)

Backdoor.Win32.Coredoor.10.a malware suffers from a man-in-the-middle vulnerability.

D-Link DSL-3782 Pre-Authentication Remote Root

Posted by deepcore under exploit (No Responses)

D-Link DSL-3782 pre-authentication remote root exploit.

ManageEngine ADSelfService Plus Authentication Bypass / Code Execution

Posted by deepcore under exploit (No Responses)

This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus – which is SYSTEM if started as a service.

[webapps] Bagisto 1.3.3 – Client-Side Template Injection

Posted by deepcore under Security (No Responses)

Bagisto 1.3.3 – Client-Side Template Injection
