The Latest Infosec News, Tools, and Exploits – Got Root?
# Exploit Title: Merge PACS 7.0 – Cross-Site Request Forgery # Google Dork: – # Date: 2018-05-21 # Exploit Author: Safak Aslan # Vendor Homepage: http://www.merge.com/ # Version: Merge PACS 7.0 # Tested on: Windows […]
#Exploit Title: mySCADA myPRO 7 – Hardcoded FTP Username and Password #Date: 2018-05-19 #Exploit Author: Emre ÖVÜNÇ #Vendor Homepage: https://www.myscada.org/mypro/ #Software Link: https://www.myscada.org/download/ #Version: v7 #Tested on: Linux, Windows # I. Problem Description #In the […]
# Exploit Title: Infinity Market Classified Ads Script 1.6.2 – Cross-Site Request Forgery # Date: 2018-05-18 # Exploit Author: L0RD # Vendor Homepage: https://codecanyon.net/item/classifieds-multipurpose-portal-infinity-market/16572285?s_rank=1520 # Version: 1.6.2 # Tested on: Kali linux # Description : […]
# Exploit Title: Nanopool Claymore Dual Miner >= 7.3 Remote Code Execution # Date: 2018/02/09 # Exploit Author: ReverseBrain # Vendor Homepage: https://nanopool.org/ # Software Link: https://github.com/nanopool/Claymore-Dual-Miner # Version: 7.3 and later # Tested on: […]
SEC Consult Vulnerability Lab Security Advisory < 20180516-0 > ======================================================================= title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1 fixed version: 8.3 P1 and later CVE number: CVE-2018-1247 impact: […]
# Exploit Title: Multiplayer BlackJack – Online Casino Game 2.5 – Persistent Cross-Site scripting # Date: 2018-05-16 # Exploit Author: L0RD # Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628 # CVE: N/A # Version: 2.5 # Description : Multiplayer […]
# Exploit Title: MyBB Admin Notes Plugin – CSRF # Date: 2018-05-14 # Author: 0xB9 # Contact: luxorforums.com/User-0xB9 or 0xB9[at]pm.me # Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 # Version: 1.1 # Tested on: Ubuntu 18.04 # 1. Description: […]
<!– Details ================ Software: Metronet Tag Manager Version: 1.2.7 Homepage: https://wordpress.org/plugins/metronet-tag-manager/ Advisory report: https://advisories.dxw.com/advisories/csrf-metronet-tag-manager/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N) Description ================ CSRF in Metronet Tag Manager allows anybody to do almost anything an […]
# Exploit Title: Online Booking system – NodAPS 4.0 – ‘search’ SQL injection / Cross-Site Request Forgery # Date: 2018-05-16 # Exploit Author: Borna nematzadeh (L0RD) # Vendor Homepage: https://codecanyon.net/item/appointment-management-system-nodaps/16197805?s_rank=1535 # Version: 4.0 # Tested […]
# coding: utf-8 # Exploit Title: Intelbras NCloud Authentication bypass # Date: 16/05/2018 # Exploit Author: Pedro Aguiar – pedro.aguiar@kryptus.com # Vendor Homepage: http://www.intelbras.com.br/ # Software Link: http://www.intelbras.com.br/empresarial/wi-fi/para-sua-casa/roteadores/ncloud # Version: 1.0 # Tested on: Linux […]
