Archive for April, 2022

[webapps] Gitlab 14.9 – Authentication Bypass

Posted by deepcore under Security (No Respond)

Gitlab 14.9 – Authentication Bypass

Joomla Sexy Polling 2.1.7 SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla Sexy Polling extension versions 2.1.7 and below suffer from a remote SQL injection vulnerability.

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor

Posted by deepcore under exploit (No Respond)

The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7.

Watch Queue Out-Of-Bounds Write

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a vulnerability in the Linux Kernel’s watch_queue event notification system. It relies on a heap out-of-bounds write in kernel memory. The exploit may fail on the first attempt so multiple attempts may be needed. Note that the exploit can potentially cause a denial of service if multiple failed attempts occur, however […]

ManageEngine ADSelfService Plus Custom Script Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits the “custom script” feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a “custom script” is arbitrary operating system command execution. This module uses an attacker provided “admin” account to insert the malicious payload into the custom […]

Jenkins Remote Code Execution

Posted by deepcore under exploit (No Respond)

Jenkins exploit that chains CVE-2018-1000861, CVE-2019-1003005 and CVE-2019-1003029 to a more reliable and elegant pre-auth remote code execution. Jenkins versions below 2.138 are affected.

7-Zip 16 DLL Hijacking

Posted by deepcore under exploit (No Respond)

7-Zip versions 16 and below, and possibly other software that utilizes the HTML Help System to display help content to the user, are prone to a remote DLL hijacking issue which leads to arbitrary code execution due to an OS issue.

Online Restaurant Table Reservation System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Online Restaurant Table Reservation System version 1.0 suffers from a remote SQL injection vulnerability.

Pharmacy Management System 1.0 Shell Upload

Posted by deepcore under exploit (No Respond)

Pharmacy Management System version 1.0 suffers from a remote shell upload vulnerability.