Archive for January, 2022

UniFi Network Application Unauthenticated Log4Shell Remote Code Execution

Posted by deepcore under exploit (No Respond)

The Ubiquiti UniFi Network Application versions 5.13.29 through 6.5.53 are affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server via the remember field of a POST request to the /api/login endpoint that will cause the server to connect to the attacker and deserialize a malicious Java object. This results […]

[webapps] PHPIPAM 1.4.4 – SQLi (Authenticated)

Posted by deepcore under Security (No Respond)

PHPIPAM 1.4.4 – SQLi (Authenticated)

[webapps] Online Project Time Management System 1.0 – Multiple Stored Cross Site Scripting (XSS) (Authenticated)

Posted by deepcore under Security (No Respond)

Online Project Time Management System 1.0 – Multiple Stored Cross Site Scripting (XSS) (Authenticated)

[webapps] Online Project Time Management System 1.0 – SQLi (Authenticated)

Posted by deepcore under Security (No Respond)

Online Project Time Management System 1.0 – SQLi (Authenticated)

[webapps] Landa Driving School Management System 2.0.1 – Arbitrary File Upload

Posted by deepcore under Security (No Respond)

Landa Driving School Management System 2.0.1 – Arbitrary File Upload

Online Project Time Management 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Online Project Time Management version 1.0 suffers from a remote SQL injection vulnerability.

Banco Guayaquil 8.0.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Banco Guayaquil for iOS version 8.0.0 suffers from a script insertion vulnerability where a user can insert malicious code into their own name, which could possibly be leveraged for attacks upstream.

Backdoor.Win32.Wollf.16 Authentication Bypass

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Wollf.16 malware suffers from an authentication bypass vulnerability.

Backdoor.Win32.Wollf.16 Hardcoded Credential

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Wollf.16 malware suffers from a hardcoded credential vulnerability.

VulturiBuilder Insecure Permissions

Posted by deepcore under exploit (No Respond)

VulturiBuilder malware suffers from an insecure permissions vulnerability.