Subscribe via feed.
Archive for September, 2022

WordPress Forym 1.5.7 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Forym plugin version 1.5.7 suffers from a cross site scripting vulnerability.

Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Augudor.b malware suffers from a code execution vulnerability.

Veritas Backup Exec Agent Remote Code Execution

Posted by deepcore under exploit (No Respond)

Veritas Backup Exec Agent supports multiple authentication schemes and SHA authentication is one of them. This authentication scheme is no longer used within Backup Exec versions, but had not yet been disabled. An attacker could remotely exploit the SHA authentication scheme to gain unauthorized access to the BE Agent and execute an arbitrary OS command […]

WiFi Mouse 1.8.3.4 Remote Code Execution

Posted by deepcore under exploit (No Respond)

The WiFi Mouse (Mouse Server) from Necta LLC contains an authentication bypass as the authentication is completely implemented entirely on the client side. By utilizing this vulnerability, is possible to open a program on the server (cmd.exe in our case) and type commands that will be executed as the user running WiFi Mouse (Mouse Server), […]

TP-Link Tapo c200 1.1.15 Remote Code Execution

Posted by deepcore under exploit (No Respond)

TP-Link Tapo c200 version 1.1.15 suffers from a remote code execution vulnerability.

Testa 3.5.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Testa Online Test Management System version 3.5.1 suffers from a cross site scripting vulnerability.

Feehi CMS 2.1.1 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Feehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.

Teleport 10.1.1 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Teleport version 10.1.1 suffers from a remote code execution vulnerability.

WordPress WP-UserOnline 2.88.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress WP-UserOnline plugin version 2.88.0 suffers from a persistent cross site scripting vulnerability.

WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress 3dady Real-Time Web Stats plugin version 1.0 suffers from a persistent cross site scripting vulnerability.