10 - 2015 - :: Deepquest ::

>> Freemake VideoDownloader 3.7.1 – Code Execution

USER: deepcore // 2015-10-12 // 0 CMT

An independent vulnerability laboratory researcher discovered a code execution vulnerability in the official FreemakeVideoDownloader v3.7.1 software.

>> [dos] – Tomabo MP4 Converter 3.10.12 – 3.11.12 (.m3u) Denial of service (Crush application)

USER: deepcore // 2015-10-12 // 0 CMT

Tomabo MP4 Converter 3.10.12 – 3.11.12 (.m3u) Denial of service (Crush application)

>> [webapps] – Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability

USER: deepcore // 2015-10-11 // 0 CMT

Kallithea 0.2.9 (came_from) HTTP Response Splitting Vulnerability

>> [webapps] – AlienVault OSSIM 4.3 – CSRF Vulnerabilities

USER: deepcore // 2015-10-11 // 0 CMT

AlienVault OSSIM 4.3 – CSRF Vulnerabilities

>> Drupal 8.0.0 Beta 14 Cross Site Scripting

USER: deepcore // 2015-10-10 // 0 CMT

Drupal version 8.0.0 Beta 14 suffers from a cross site scripting vulnerability. Drupal’s sad fix was to simply throw an .htaccess file in place to block access to the file.

>> PayPal Open Redirect

USER: deepcore // 2015-10-10 // 0 CMT

PayPal suffered from an open redirect vulnerability.

>> FreeYouTubeToMP3 Converter 4.0.1 Buffer Overflow

USER: deepcore // 2015-10-10 // 0 CMT

FreeYouTubeToMP3 Converter version 4.0.1 suffers from a buffer overflow vulnerability.

>> WebComIndia CMS 2015Q4 Authentication Bypass

USER: deepcore // 2015-10-10 // 0 CMT

WebComIndia CMS 2015Q4 suffers from an authentication bypass vulnerability via remote SQL injection.

>> VeryPDF Image2PDF Converter SEH Buffer Overflow

USER: deepcore // 2015-10-10 // 0 CMT

VeryPDF Image2PDF Converter SEH buffer oevrflow exploit that spawns messagebox shellcode.

>> W150D Wireless N 150 Cross Site Request Forgery

USER: deepcore // 2015-10-10 // 0 CMT

The W150D Wireless N 150 ADSL2 modem router suffers from a cross site request forgery vulnerability.