Archive for September, 2022

Multix 2.4 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Multix version 2.4 suffers from a cross site scripting vulnerability.

Multix 2.4 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

Multix version 2.4 suffers from a cross site request forgery vulnerability.

WorkOrder CMS 0.1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

WorkOrder CMS version 0.1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

WorkOrder CMS 0.1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WorkOrder CMS version 0.1.0 suffers from a cross site scripting vulnerability.

Linux Stable 5.4 / 5.10 Use-After-Free / Race Condition

Posted by deepcore under exploit (No Respond)

Linux stable versions 5.4 and 5.10 suffer from a page use-after-free via stale TLB caused by an rmap lock not held during PUD move.

Bitbucket Git Command Injection

Posted by deepcore under exploit (No Respond)

Various versions of Bitbucket Server and Data Center are vulnerable to an unauthenticated command injection vulnerability in multiple API endpoints. The /rest/api/latest/projects/{projectKey}/repos/{repositorySlug}/archive endpoint creates an archive of the repository, leveraging the git-archive command to do so. Supplying NULL bytes to the request enables the passing of additional arguments to the command, ultimately enabling execution of […]

[webapps] Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)

Posted by deepcore under Security (No Respond)


[webapps] Aero CMS v0.0.1 – SQLi

Posted by deepcore under Security (No Respond)


[webapps] WordPress Plugin 3dady real-time web stats 1.0 – Stored Cross Site Scripting (XSS)

Posted by deepcore under Security (No Respond)


[webapps] WordPress Plugin WP-UserOnline 2.88.0 – Stored Cross Site Scripting (XSS)

Posted by deepcore under Security (No Respond)
