Archive for August, 2022

Feehi CMS 2.1.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Feehi CMS version 2.1.1 suffers from a persistent cross site scripting vulnerability.

Nortek Linear eMerge E3-Series Credential Disclosure

Posted by deepcore under exploit (No Respond)

Nortek Linear eMerge E3-Series versions 0.32-07p, 0.32-07e, 0.32-07p, 0.32-08f, and 0.32-09c suffer from an administrative credential disclosure vulnerability.

Nortek Linear eMerge E3-Series Command Injection

Posted by deepcore under exploit (No Respond)

Nortek Linear eMerge E3-Series version 0.32-09c suffers from a blind OS command injection vulnerability.

Nortek Linear eMerge E3-Series Account Takeover

Posted by deepcore under exploit (No Respond)

Nortek Linear eMerge E3-Series version 0.32-07p suffers from a vulnerability where session fixation tied with cross site scripting can allow for account takeover.

WordPress Duplicator 1.4.7.1 Backup Disclosure

Posted by deepcore under exploit (No Respond)

WordPress Duplicator plugin version 1.4.7.1 suffers from a backup disclosure vulnerability.

ManageEngine ADAudit Plus Path Traversal / XML Injection

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060. The pair consists of a path traversal in the /cewolf endpoint and a blind XML external entity injection vulnerability, used together to upload and execute a file.

Thingsboard 3.3.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Thingsboard version 3.3.1 suffers from multiple persistent cross site scripting vulnerabilities.

[remote] PAN-OS 10.0 – Remote Code Execution (RCE) (Authenticated)

Posted by deepcore under Security (No Respond)

PAN-OS 10.0 – Remote Code Execution (RCE) (Authenticated)


[webapps] ThingsBoard 3.3.1 'name' – Stored Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

ThingsBoard 3.3.1 ‘name’ – Stored Cross-Site Scripting (XSS)


[webapps] Feehi CMS 2.1.1 – Stored Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

Feehi CMS 2.1.1 – Stored Cross-Site Scripting (XSS)
