Exponent CMS 2.6 Cross Site Scripting / Brute Force
Posted by deepcore under exploit (No Respond)
Exponent CMS version 2.6 suffers from cross site scripting and brute forcing vulnerabilities.
Archive for December, 2021
Aver EVC300 Firmware 00.10.16.36 Hardcoded Secrets
Posted by deepcore under exploit (No Respond)
Aver EVC300 firmware version 00.10.16.36 suffers from having multiple hard-coded secrets that can allow for access bypass.
Alfa Team Shell Tesla 4.1 Remote Code Execution
Posted by deepcore under exploit (No Respond)
Alfa Team Shell Tesla version 4.1 suffers from a remote code execution vulnerability.
Signup PHP Portal 2.1 Shell Upload
Posted by deepcore under exploit (No Respond)
Signup PHP Portal version 2.1 suffers from a remote shell upload vulnerability.
Video Sharing Website 1.0 SQL Injection
Posted by deepcore under exploit (No Respond)
Video Sharing Website version 1.0 appears to suffer from a remote SQL injection vulnerability.
Bazaar Web PHP Social Listings Shell Upload
Posted by deepcore under exploit (No Respond)
Bazaar Web PHP Social Listings suffers from a remote shell upload vulnerability.
WordPress Popular Posts 5.3.2 Remote Code Execution
Posted by deepcore under exploit (No Respond)
This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to getting a GET request. This exploit leverages […]
[webapps] Exponent CMS 2.6 – Multiple Vulnerabilities
Posted by deepcore under Security (No Respond)
[webapps] phpKF CMS 3.00 Beta y6 – Remote Code Execution (RCE) (Unauthenticated)
Posted by deepcore under Security (No Respond)
[webapps] WBCE CMS 1.5.1 – Admin Password Reset
Posted by deepcore under Security (No Respond)