Archive for May, 2022

iTop Remote Command Execution

Posted by deepcore under exploit (No Respond)

Authenticated remote command execution exploit for iTop versions prior to 2.7.5.

[webapps] m1k1o's Blog v.10 – Remote Code Execution (RCE) (Authenticated)

Posted by deepcore under Security (No Respond)

m1k1o’s Blog v.10 – Remote Code Execution (RCE) (Authenticated)

[webapps] OpenCart v3.x Newsletter Module – Blind SQLi

Posted by deepcore under Security (No Respond)

OpenCart v3.x Newsletter Module – Blind SQLi

Linux USB Use-After-Free

Posted by deepcore under exploit (No Respond)

Linux usbnet code tells minidrivers to unbind while netdev is still up, causing use-after-free conditions.

PHPIPAM 1.4.4 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

PHPIPAM version 1.4.4 suffers from cross site request forgery and cross site scripting vulnerabilities.

LiquidFiles 3.4.15 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

LiquidFiles version 3.4.15 suffers from a cross site scripting vulnerability.

SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization

Posted by deepcore under exploit (No Respond)

The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected.

Emby Media Server 4.7.0.60 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Emby Media Server version 4.7.0.60 suffers from a cross site scripting vulnerability.