Archive for November, 2022

https://naluangsen.go.th/fine.html

Posted by deepcore under defacement (No Responses)

https://naluangsen.go.th/fine.html notified by /Rayzky_


Gitea Git Fetch Remote Code Execution

Posted by deepcore under exploit (No Responses)

This Metasploit module abuses the git fetch command that Gitea runs during its repository migration process to achieve remote command execution on the system. The vulnerability affects Gitea versions prior to 1.16.7; instances should be upgraded to 1.16.7 or later.
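As an added check for this entry (example code written for this page, not the Metasploit module's or the Gitea project's own code): a script that reads the version a Gitea instance reports at its unauthenticated /api/v1/version endpoint and flags anything older than 1.16.7. The sample responses are constructed for offline use, and the handling of pre-release tags (treating a 1.16.7 release candidate as unfixed) is a conservative assumption, not something the advisory states.

```python
"""Flag Gitea instances whose reported version predates the 1.16.7 fix.

Added example for this page; not code from Gitea or from the Metasploit module.
Assumes only that Gitea answers GET /api/v1/version with JSON such as
{"version": "1.16.6"}. Sample responses below are constructed, not captured.
"""
import json
import re

# First release containing the git fetch / migration fix, per the advisory.
FIXED_VERSION = (1, 16, 7)

# Constructed sample responses keyed by endpoint URL (hostnames are made up).
SAMPLE_RESPONSES = {
    "https://git-a.example/api/v1/version": '{"version":"1.16.6"}',
    "https://git-b.example/api/v1/version": '{"version":"1.16.7"}',
    "https://git-c.example/api/v1/version": '{"version":"1.17.0-rc1"}',
    "https://git-d.example/api/v1/version": '{"version":"1.16.7-rc2"}',
    "https://git-e.example/api/v1/version": '{"version":"1.15.11+dev-123-gabcdef0"}',
}

_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?(?:\+.*)?$"
)


def parse_version(version: str):
    """Return (major, minor, patch, prerelease) from a Gitea version string.

    Gitea reports strings like "1.16.6", "1.17.0-rc1" or "1.16.7+dev-…".
    Build metadata after '+' is ignored; a '-rc…' tag is returned separately
    so the caller can decide how to treat pre-release builds.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Gitea version string: {version!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    return major, minor, patch, m.group(4)


def is_vulnerable(version: str) -> bool:
    """True if the version predates the 1.16.7 release that shipped the fix."""
    major, minor, patch, prerelease = parse_version(version)
    core = (major, minor, patch)
    if core < FIXED_VERSION:
        return True
    if core == FIXED_VERSION and prerelease is not None:
        # Assumption: a pre-release cut of 1.16.7 is treated as unfixed.
        # Confirm against the vendor release notes before trusting this.
        return True
    return False


def assess(responses: dict) -> dict:
    """Map each endpoint URL to 'vulnerable', 'fixed' or 'unknown'."""
    results = {}
    for url, body in responses.items():
        try:
            version = json.loads(body)["version"]
            results[url] = "vulnerable" if is_vulnerable(version) else "fixed"
        except (ValueError, KeyError, TypeError, AttributeError):
            # Non-JSON body, missing key, or a version we cannot parse.
            results[url] = "unknown"
    return results


if __name__ == "__main__":
    for url, status in assess(SAMPLE_RESPONSES).items():
        print(f"{status:10s} {url}")
```

The comparison is purely numeric, so a build string such as 1.15.11+dev-… is judged by its 1.15.11 core; for a heavily patched fork the number alone does not prove the fix is absent or present.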

http://tpso4.m-society.go.th/bdkr.htm

Posted by deepcore under defacement (No Responses)

http://tpso4.m-society.go.th/bdkr.htm notified by Mr. BDKR28


Internet Download Manager 6.41 Build 3 Man-In-The-Middle

Posted by deepcore under exploit (No Responses)

Internet Download Manager version 6.41 Build 3 suffers from a man-in-the-middle vulnerability that can enable an attacker to execute code on the victim’s system.

Backdoor.Win32.Quux MVID-2022-0656 Hardcoded Credential

Posted by deepcore under exploit (No Responses)

Backdoor.Win32.Quux malware suffers from a weak hardcoded credential vulnerability that can allow an attacker to achieve remote code execution.

Revenue Collection System 1.0 SQL Injection / Remote Code Execution

Posted by deepcore under exploit (No Responses)

Revenue Collection System version 1.0 suffers from an unauthenticated SQL injection vulnerability in step1.php that allows remote attackers to write a malicious PHP file to disk. The resulting file can then be accessed within the /rates/admin/DBbackup directory. This script will write the malicious PHP file to disk, issue a user-defined command, then retrieve the result […]

Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass

Posted by deepcore under exploit (No Responses)

Revenue Collection System version 1.0 suffers from a persistent cross site scripting vulnerability allowing an authenticated client user to add an administrative user account to the application then log in as the newly created admin.

VMware NSX Manager XStream Unauthenticated Remote Code Execution

Posted by deepcore under exploit (No Responses)

VMware Cloud Foundation (NSX-V) contains a remote code execution vulnerability via the XStream open source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that uses XStream to deserialize input in VMware Cloud Foundation (NSX-V), a […]

Cisco Secure Email Gateway Malware Detection Evasion

Posted by deepcore under exploit (No Responses)

Cisco Secure Email Gateways, formerly known as Cisco Ironport Email Security Appliances, that are configured to detect malicious email attachments, can easily be circumvented. A remote attacker can leverage error tolerance and different MIME decoding capabilities of email clients, compared with the gateway, to evade detection of malicious payloads by anti-virus components on the gateway. […]