Liferay Portal 6.2 EE SP13 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Liferay Portal version 6.2 EE SP13 suffers from an administrator-inflicted cross site scripting vulnerability.
Archive for October, 2015
WordPress Payment Form For PayPal Pro 1.0.1 XSS
Posted by deepcore under exploit (No Respond)
WordPress DWBooster Payment Form for PayPal Pro plugin version 1.0.1 suffers from a cross site scripting vulnerability.
WordPress ResAds 1.0.1 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.
WordPress Easy2Map 1.2.9 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress Easy2Map plugin version 1.2.9 suffers from a cross site scripting vulnerability.
WordPress Easy2Map 1.2.9 Local File Inclusion / Directory Traversal
Posted by deepcore under exploit (No Respond)
WordPress Easy2Map plugin version 1.2.9 suffers from local file inclusion and directory traversal vulnerabilities.
LanSpy 2.0.0.155 Buffer Overflow
Posted by deepcore under exploit (No Respond)
LanSpy version 2.0.0.155 suffers from a buffer overflow vulnerability.
PHP-Fusion 7.02.07 Blind SQL Injection
Posted by deepcore under exploit (No Respond)
PHP-Fusion versions 7.02.07 and below suffer from a remote blind SQL injection vulnerability in the admin panel.
Truecrypt 7 Privilege Escalation
Posted by deepcore under exploit (No Respond)
The Windows driver used by projects derived from Truecrypt 7 (verified in Veracrypt and CipherShed) are vulnerable to a local elevation of privilege attack by checking process of impersonation token which allow a user to inspect and potentially manipulate other users mounted encrypted volumes on the same machine.
Apple Safari 8.0.8 URI Spoofing
Posted by deepcore under Apple (No Respond)
[webapps] – GLPI 0.85.5 – RCE Through File Upload Filter Bypass
Posted by deepcore under Security (No Respond)
