9 - 2014 - :: Deepquest ::

>> Apple iOS 7.1.2 Merge Apps Service Local Bypass

USER: deepcore // 2014-09-03 // 0 CMT

Apple iOS version 7.1.2 suffered from a merge apps service local bypass vulnerability.

>> [web applications] – WordPress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection

USER: deepcore // 2014-09-03 // 0 CMT

>> [shellcode] Linux/x86-64 – Bind TCP Password (hell) /bin/sh Shell (4444/TCP) Shellcode (147 bytes)

USER: deepcore // 2014-09-03 // 0 CMT

Linux/x86-64 – Bind TCP Password (hell) /bin/sh Shell (4444/TCP) Shellcode (147 bytes)

>> [webapps] – vBulletin 4.0.x – 4.1.2 (search.php, cat param) – SQL Injection Exploit

USER: deepcore // 2014-09-03 // 0 CMT

vBulletin 4.0.x – 4.1.2 (search.php, cat param) – SQL Injection Exploit

>> [web applications] – ManageEngine EventLog Analyzer Multiple Vulnerabilities

USER: deepcore // 2014-09-02 // 0 CMT

>> [web applications] – WordPress Slideshow Gallery Plugin 1.4.6 – Shell Upload Vulnerability

USER: deepcore // 2014-09-02 // 0 CMT

>> [web applications] – Arachni Web Application Scanner Web UI – Stored XSS Vulnerability

USER: deepcore // 2014-09-02 // 0 CMT

>> [web applications] – WordPress CuckooTap Theme & eShop Arbitrary File Download

USER: deepcore // 2014-09-02 // 0 CMT

>> [web applications] – ManageEngine Desktop Central – Arbitrary File Upload / RCE Vulnerabilities

USER: deepcore // 2014-09-02 // 0 CMT

>> [web applications] – WordPress FR0_theme theme Arbitrary File Download Vulnerability

USER: deepcore // 2014-09-02 // 0 CMT