Subscribe via feed.
Archive for August, 2022

http://www.yangngam.go.th/index.php

Posted by deepcore under defacement (No Respond)

http://www.yangngam.go.th/index.php notified by ./Niz4r

Tags:

http://www.tungluang.go.th/index.php

Posted by deepcore under defacement (No Respond)

http://www.tungluang.go.th/index.php notified by ./Niz4r

Tags:

http://www.sajorakhea.go.th/index.php

Posted by deepcore under defacement (No Respond)

http://www.sajorakhea.go.th/index.php notified by ./Niz4r

Tags:

https://www.secpt.go.th

Posted by deepcore under defacement (No Respond)

https://www.secpt.go.th notified by ./Niz4r

Tags:

http://www.bankruatcity.go.th/index.php

Posted by deepcore under defacement (No Respond)

http://www.bankruatcity.go.th/index.php notified by ./Niz4r

Tags:

Fiberhome AN5506-02-B Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Fiberhome AN5506-02-B with firmware version RP2521 suffers from a persistent cross site scripting vulnerability.

Sophos XG115w Firewall 17.0.10 MR-10 Authentication Bypass

Posted by deepcore under exploit (No Respond)

Sophos XG115w Firewall version 17.0.10 MR-10 suffers from an authentication bypass vulnerability.

AirSpot 5410 0.3.4.1-4 Remote Command Injection

Posted by deepcore under exploit (No Respond)

AirSpot 5410 versions 0.3.4.1-4 and below suffer from an unauthenticated remote command injection vulnerability.

Zimbra zmslapd Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits CVE-2022-37393, which is a vulnerability in Zimbra’s sudo configuration that permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.

Webmin Package Updates Command Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit […]