Archive for September, 2022

[webapps] WordPress Plugin Testimonial Slider and Showcase 2.2.6 – Stored Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)


[webapps] Sophos XG115w Firewall 17.0.10 MR-10 – Authentication Bypass

Posted by deepcore under Security (No Respond)


WordPress Core Cross Site Scripting / SQL Injection

Posted by deepcore under exploit (No Respond)

The WordPress Core version 6.0.2 release addresses cross site scripting and remote SQL injection vulnerabilities.

Zyxel Firewall SUID Binary Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits CVE-2022-30526, a local privilege escalation vulnerability that allows a low-privileged user (e.g. nobody) to escalate to root. The issue stems from a SUID binary that allows all users to copy files as root. This module overwrites the firewall’s crontab to execute an attacker-provided script, resulting in code execution as root. […]

Packet Storm New Exploits For August, 2022

Posted by deepcore under exploit (No Respond)

This archive contains all of the 79 exploits added to Packet Storm in August, 2022.