The Latest Infosec News, Tools, and Exploits – Got Root?
# Exploit Title: DAMICMS 6.0.0 – Cross-Site Request Forgery (Add Admin) # Date: 2018-06-30 # Exploit Author: bay0net # Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9248562.html # Software Link: https://www.damicms.com/Down# # Version: DAMICMS_V6.0.0 # CVE : N/A # DamiCMS […]
# Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud # Date: 2018-06-29 # Exploit Author: paragonsec @ Critical Start # Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start […]
* Vulnerability: Authenticated Blind Command Injection * Affected Software: TP-Link TL-WR841N v13 * Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n * Patched Version: None ##### Overview The ping and traceroute functionalities allow for OS […]
# Exploit Title: hycus Content Management System v1.0.4 Login Page Bypass # Exploit Author: Berk Dusunur # Vendor Homepage: http://www.hycus.com/ # Software Link: http://demosite.center/hycus/ # Version: 1.0.4 # Tested on: Pardus / Debian Web Server […]
On Thursday Adidas made a statement in regards to an incident they detected on Tuesday June 26th. They had a breach of security which could have resulted in the data of millions of their customers […]
Gentoo released a statement today in regards to their Github being compromised. They advise for now that all Gentoo code hosted on Github should be treated as compromised code, but not that from the Gentoo […]
Raptor is a Web application firewall made in C, uses DFA to block SQL injection, Cross site scripting and path traversal. http://funguscodes.blogspot.com.br/ Example [su_quote] Up some HTTPd server at port 80 redirect with raptor to […]
Cisco Adaptive Security Appliance – Path Traversal (CVE-2018-0296) A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerable Products This vulnerability […]
Exploit Title: HongCMS 3.0.0 – SQL Injection Google Dork: [if applicable] Date: 2018/06/26 Exploit Author: Hzllaga Software Link: https://github.com/Neeke/HongCMS/ Version: 3.0.0 Tested on: php5.4 mysql5 CVE : CVE-2018-12912 POC (Administrator Privilege): [su_quote] /admin/index.php/database/operate?dbaction=emptytable&tablename=hong_vvc%60%20where%20vvcid%3D1%20or%20updatexml%282%2Cconcat%280x7e%2C%28version%28%29%29%29%2C0%29%20or%20%60[/su_quote]
South Korean digital currency trade Bithumb says it has nearly divided the misfortunes emerging from an ongoing hack. As already revealed by CoinDesk, Bithumb, one of the biggest crypto trades in South Korea and the […]
