9 - 2015 - :: Deepquest ::

>> PCMan FTP Server 2.0.7 Directory Traversal

USER: deepcore // 2015-09-30 // 0 CMT

PCMan FTP Server version 2.0.7 suffers from a directory traversal vulnerability.

>> Centreon 2.6.1 Persistent Cross Site Scripting

USER: deepcore // 2015-09-30 // 0 CMT

Centreon version 2.6.1 suffers from a stored cross site scripting vulnerability.

>> Ubuntu Apport kernel_crashdump Symlink

USER: deepcore // 2015-09-29 // 0 CMT

This is a short write-up of the Ubuntu Apport kernel_crashdump symlink vulnerabilities along with some proof of concept code.

>> Telegram 3.2 Denial Of Service

USER: deepcore // 2015-09-29 // 0 CMT

Telegram version 3.2 suffers from a denial of service vulnerability.

>> Git 1.9.5 Buffer Overflow

USER: deepcore // 2015-09-29 // 0 CMT

ssh-agent.exe in Git version 1.9.5 suffers from a buffer overflow vulnerability.

>> Mango Automation 2.6.0 User Enumeration

USER: deepcore // 2015-09-29 // 0 CMT

Mango Automation version 2.6.0 suffers from a user enumeration weakness vulnerability.

>> Mango Automation 2.6.0 Cross Site Scripting

USER: deepcore // 2015-09-29 // 0 CMT

Mango Automation version 2.6.0 is prone to a reflected cross site scripting vulnerability due to a failure to properly sanitize user-supplied input to the ‘username’ POST parameter in the ‘login.htm’…

>> Webfig Terminal Offline Brute Force Attack

USER: deepcore // 2015-09-29 // 0 CMT

The encryption scheme used by Mikrotik’s Webfig terminal software as seen on the RB750GL running RouterOS version 6.18 is susceptible to offline brute force attacks that allow a third party…

>> NodeBB 0.8.2 Cross Site Scripting

USER: deepcore // 2015-09-29 // 0 CMT

NodeBB version 0.8.2 suffers from a cross site scripting vulnerability.

>> Flowdock API Script Insertion

USER: deepcore // 2015-09-29 // 0 CMT

Flowdock API suffers from a malicious script insertion vulnerability.