Posted by Andrey Stoykov on Mar 02
# Exploit Title: Multiple XSS Issues in boidcmsv2.0.1
# Date: 3/2024
# Exploit Author: Andrey Stoykov
# Version: 2.0.1
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com
XSS via SVG File Upload
Steps to Reproduce:
1. Login with admin user
2. Visit “Media” page
3. Upload xss.svg
4. Click “View” and XSS payload will execute
// xss.svg contents
<?xml version=”1.0″ standalone=”no”?>…
Posted by Andrey Stoykov on Mar 02
# Exploit Title: XAMPP – Error Based SQL Injection
# Date: 02/2024
# Exploit Author: Andrey Stoykov
# Version: 5.6.40
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com
Steps to Reproduce:
1. Login to phpmyadmin
2. Visit Export > New Template > test > Create
3. Navigate to “Existing Templates”
4. Select template “test” and click “Update”
5. Trap HTTP POST request
6. Place single quote to…
Posted by malvuln on Mar 02
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Agent.amt
Vulnerability: Authentication Bypass
Description: The malware can run an FTP server which listens on TCP port
2121. Third-party attackers who can reach infected systems can logon using
any username/password…
Posted by malvuln on Mar 02
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Jeemp.c
Vulnerability: Cleartext Hardcoded Credentials
Description: The malware listens on three TCP ports which are randomized
e.g. 9719,7562,8687,8948,7376,8396 so forth. There is an ESMTP server
component…
Posted by malvuln on Mar 02
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.AutoSpy.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1008. Third party adversaries
who can reach an infected host can issue various commands made available by…
Posted by malvuln on Mar 02
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Armageddon.r
Vulnerability: Hardcoded Cleartext Credentials
Description: The malware listens on TCP port 5859 and requires
authentication. The password “KOrUPtIzEre” is stored in cleartext within
the PE file at…
Posted by Vinícius Moraes on Mar 02
=====[Tempest Security Intelligence – Security Advisory –
CVE-2023-38946]=======
Access Control Bypass in Multilaser router’s Web Management Interface
Author: Vinicius Moraes < vinicius.moraes.w () gmail com >
=====[Table of
Contents]========================================================
1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References
=====[1….
Posted by Vinícius Moraes on Mar 02
=====[Tempest Security Intelligence – Security Advisory –
CVE-2023-38945]=======
Access Control Bypass in Multilaser routers’ Web Management Interface
Author: Vinicius Moraes < vinicius.moraes.w () gmail com >
=====[Table of
Contents]========================================================
1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References
=====[1….
Posted by Vinícius Moraes on Mar 02
=====[Tempest Security Intelligence – Security Advisory –
CVE-2023-38944]=======
Access Control Bypass in Multilaser routers’ Web Management Interface
Author: Vinicius Moraes < vinicius.moraes.w () gmail com >
=====[Table of
Contents]========================================================
1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References
=====[1….
