Archive for February, 2022

WordPress Contact Form Builder 1.6.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Contact Form Builder plugin version 1.6.1 suffers from a cross site scripting vulnerability.

Hotel Reservation System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Hotel Reservation System version 1.0 suffers from a remote SQL injection vulnerability.

WordPress Simple Job Board 2.9.3 Local File Inclusion

Posted by deepcore under exploit (No Respond)

WordPress Simple Job Board plugin version 2.9.3 suffers from a local file inclusion vulnerability.

Wing FTP Server 4.3.8 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Wing FTP Server versions 4.3.8 and below suffer from an authenticated remote code execution vulnerability.

PHP Everywhere 2.0.3 Remote Code Execution

Posted by deepcore under exploit (No Respond)

PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities.

Strapi CMS 3.0.0-beta.17.4 Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits the mishandling of a password reset in JSON for Strapi CMS version 3.0.0-beta.17.4 to change the password of a privileged user.

QEMU Monitor HMP migrate Command Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module uses QEMU’s Monitor Human Monitor Interface (HMP) TCP server to execute system commands using the migrate command. This module has been tested successfully on QEMU version 6.2.0 on Ubuntu 20.04.

[webapps] AtomCMS v2.0 – SQLi

Posted by deepcore under Security (No Respond)


[webapps] Exam Reviewer Management System 1.0 – Remote Code Execution (RCE) (Authenticated)

Posted by deepcore under Security (No Respond)


[webapps] Exam Reviewer Management System 1.0 – ‘id’ SQL Injection

Posted by deepcore under Security (No Respond)
