Archive for November, 2021
Posted by deepcore under Security (No Respond)
[webapps] Bus Pass Management System 1.0 – 'Search' SQL injection
Posted by deepcore under Security (No Respond)
[webapps] Webrun 3.6.0.42 – 'P_0' SQL Injection
Posted by deepcore under Security (No Respond)
[local] Linux Kernel 5.1.x – 'PTRACE_TRACEME' pkexec Local Privilege Escalation (2)
Posted by deepcore under Security (No Respond)
Tags: 0day, remote exploit
[webapps] WordPress Plugin WP Guppy 1.1 – WP-JSON API Sensitive Information Disclosure
Posted by deepcore under Security (No Respond)
Tags: 0day, remote exploit
[remote] GNU gdbserver 9.2 – Remote Command Execution (RCE)
Posted by deepcore under Security (No Respond)
[webapps] Aimeos Laravel ecommerce platform 2021.10 LTS – 'sort' SQL injection
Posted by deepcore under Security (No Respond)
[dos] Modbus Slave 7.3.1 – Buffer Overflow (DoS)
Posted by deepcore under Security (No Respond)
[dos] Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC)
Posted by deepcore under Security (No Respond)
Apache Storm Nimbus 2.2.0 Command Execution
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits an unauthenticated command injection vulnerability within the Nimbus service component of Apache Storm. The getTopologyHistory RPC method takes a single argument, the name of a user, which is concatenated into a string that is executed by bash. In order for the vulnerability to be exploitable, there must have […]