Archive for February, 2023

Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal

Posted by deepcore under exploit (No Respond)

Device Manager Express versions 7.8.20002.47752 and below suffer from code execution, command execution, cross-site scripting, remote SQL injection, and traversal vulnerabilities.

pyLoad js2py Python Execution

Posted by deepcore under exploit (No Respond)

pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services, the primary of which is on port 8000 and […]

Sales Tracker System 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

Sales Tracker System version 1.0 suffers from an authenticated remote SQL injection vulnerability.

https://leeled.go.th

Posted by deepcore under defacement (No Respond)

https://leeled.go.th notified by Ajoyy

https://samkratai.go.th

Posted by deepcore under defacement (No Respond)

https://samkratai.go.th notified by Ajoyy

https://palmpattanacity.go.th

Posted by deepcore under defacement (No Respond)

https://palmpattanacity.go.th notified by Ajoyy

https://tanyongmat.go.th

Posted by deepcore under defacement (No Respond)

https://tanyongmat.go.th notified by Ajoyy

https://donsakcity.go.th

Posted by deepcore under defacement (No Respond)

https://donsakcity.go.th notified by Ajoyy
