Exchange Server Zero-Day Being Actively Exploited
Posted by deepcore under exploit (No Respond)
Archive for September, 2022
Exchange Server Zero-Day Being Actively Exploited
Posted by deepcore under exploit (No Respond)
Tags: 0day
Online Examination System 1.0 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Online Examination System version 1.0 suffers from a cross site scripting vulnerability.
Joomla EDocman 1.23.3 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Joomla EDocman extension version 1.23.3 suffers from a cross site scripting vulnerability.
Online Examination System 1.0 SQL Injection
Posted by deepcore under exploit (No Respond)
Online Examination System version 1.0 suffers from a remote SQL injection vulnerability.
Bus Pass Management System 1.0 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Bus Pass Management System version 1.0 suffers from a cross site scripting vulnerability.
Joomla AdsManager 3.2.0 SQL Injection
Posted by deepcore under exploit (No Respond)
Joomla AdsManager extension version 3.2.0 suffers from a remote SQL injection vulnerability.
qdPM 9.1 Authenticated Shell Upload
Posted by deepcore under exploit (No Respond)
A remote code execution vulnerability exists in qdPM versions 9.1 and below. An attacker can upload a malicious PHP code file via the profile photo functionality by leveraging a path traversal vulnerability in the users[‘photop_preview’] delete photo feature thus allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Motopress Hotel Booking Lite plugin version 4.4.2 suffers from a persistent cross site scripting vulnerability.
EShop Joomla Shopping-Cart 3.6.0 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
EShop Joomla Shopping-Cart extension version 3.6.0 suffers from a cross site scripting vulnerability.