Archive for September, 2015

CubeCart 6.0.6 Administrative Bypass

Posted by deepcore under exploit (No Respond)

CubeCart versions 5.2.12 through 6.0.6 suffer from an administrative bypass vulnerability.

Nokia Solutions And Networks Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Nokia Solutions and Networks suffers from multiple cross site scripting vulnerabilities.

Yahoo Gemini Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

Yahoo Gemini suffers from a cross site request forgery vulnerability.

Magento Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Magento suffered from a cross site scripting vulnerability.

Shopify Input Validation

Posted by deepcore under exploit (No Respond)

Shopify suffered from an input validation vulnerability.

Silver Peak VX Command Injection / Shell Upload / File Read

Posted by deepcore under exploit (No Respond)

Silver Peak VX virtual appliance running VXOA before version 6.2.11 contains a number of security vulnerabilities, including command injection, unauthenticated file read, mass assignment, shell upload, and hardcoded credentials. By combining these vulnerabilities, an attacker may remotely obtain root privileges on the underlying host.

OpenLDAP 2.4.42 Denial Of Service

Posted by deepcore under exploit (No Respond)

OpenLDAP versions 2.4.42 and below suffer from a remote denial of service vulnerability.

Magento 1.9.2 File Inclusion

Posted by deepcore under exploit (No Respond)

Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability.

IKEView.exe Fox Beta 1 Buffer Overflow

Posted by deepcore under exploit (No Respond)

IKEView.exe is vulnerable to a local stack-based buffer overflow when parsing a malicious (Internet Key Exchange) “.elg” file.

Monsta FTP 1.6.2 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Monsta FTP version 1.6.2 suffers from cross site request forgery and cross site scripting vulnerabilities.