Archive for August, 2022

[webapps] Prestashop blockwishlist module 2.1.0 – SQLi

Posted by deepcore under Security (No Respond)

Prestashop blockwishlist module 2.1.0 – SQLi

[webapps] ThingsBoard 3.3.1 'description' – Stored Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

ThingsBoard 3.3.1 ‘description’ – Stored Cross-Site Scripting (XSS)

Thingsboard 3.3.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Thingsboard version 3.3.1 suffers from multiple persistent cross site scripting vulnerabilities.

WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Testimonial Slider and Showcase plugin version 2.2.6 suffers from a persistent cross site scripting vulnerability.

Online Admission System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Online Admission System version 1.0 suffers from a remote SQL injection vulnerability.

Backdoor.Win32.Bushtrommel.122 MVID-2022-0629 Authentication Bypass

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Bushtrommel.122 malware suffers from an authentication bypass vulnerability.

Backdoor.Win32.Bushtrommel.122 MVID-2022-0630 Remote Command Execution

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Bushtrommel.122 malware suffers from an unauthenticated remote command execution vulnerability.

WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

WordPress Ecwid Ecommerce Shopping Cart plugin versions 6.10.23 and below suffer from a cross site request forgery vulnerability.

Zimbra UnRAR Path Traversal

Posted by deepcore under exploit (No Respond)

This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a […]
