Subscribe via feed.
Posts under exploit

Serendipity 2.4.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Serendipity version 2.4.0 suffers from a cross site scripting vulnerability.

Lilac-Reloaded For Nagios 2.0.8 Remote Code Execution

Posted by deepcore under exploit (No Respond)

Lilac-Reloaded for Nagios version 2.0.l8 remote code execution exploit.

Swagger UI 4.1.3 Critical Information Misrepresentation

Posted by deepcore under exploit (No Respond)

Swagger UI version 4.1.3 user interface misrepresentation of information proof of concept exploit.

Franklin Fueling Systems TS-550 Hash Disclosure / Default Credentials

Posted by deepcore under exploit (No Respond)

Franklin Fueling Systems TS-550 suffers from a password hash disclosure vulnerability.

ProjeQtOr Project Management System 10.3.2 Shell Upload

Posted by deepcore under exploit (No Respond)

ProjeQtOr Project Management System version 10.3.2 suffers from a remote shell upload vulnerability.

Piwigo 13.6.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Piwigo version 13.6.0 suffers from a persistent cross site scripting vulnerability.

Chitor-CMS 1.1.2 SQL Injection

Posted by deepcore under exploit (No Respond)

Chitor-CMS version 1.1.2 suffers from a remote SQL injection vulnerability.

FUXA 1.1.13-1186 Remote Code Execution

Posted by deepcore under exploit (No Respond)

FUXA version 1.1.13-1186 suffers from an unauthenticated remote code execution vulnerability.

VMware Workspace ONE Access Privilege Escalation

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access.

CentOS Stream 9 Missing Kernel Security Fix

Posted by deepcore under exploit (No Respond)

CentOS Stream 9 has a missing kernel security fix for a tun double-free amongst other missing fixes. Included is a local root exploit to demonstrate the issue.