WordPress Events Made Easy 1.5.49 CSRF / XSS
Posted by deepcore under exploit (No Respond)
WordPress Events Made Easy plugin version 1.5.49 suffers from cross site request forgery and cross site scripting vulnerabilities.
Archive for October, 2015
Adobe Flash IExternalizable.writeExternal Type Confusion
Posted by deepcore under exploit (No Respond)
If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a ‘method’ outside of the ActionScript object’s ActionScript vtable, leading to memory corruption.
Kaboozu CMS Shell Upload
Posted by deepcore under exploit (No Respond)
Kaboozu CMS suffers from a remote shell upload vulnerability.
Nibbleblog File Upload
Posted by deepcore under exploit (No Respond)
Nibbleblog contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This Metasploit module was tested on version 4.0.3.
[remote] – Nibbleblog File Upload Vulnerability
Posted by deepcore under Security (No Respond)
[dos] – Adobe Flash IExternalizable.writeExternal – Type Confusion
Posted by deepcore under Security (No Respond)
[webapps] – Belkin Router N150 1.00.08, 1.00.09 – Path Traversal Vulnerability
Posted by deepcore under Security (No Respond)
[local] – Tomabo MP4 Player 3.11.6 – SEH Based Stack Overflow
Posted by deepcore under Security (No Respond)
[webapps] – WordPress Ajax Load More Plugin < 2.8.2 – File Upload Vulnerability
Posted by deepcore under Security (No Respond)
Apple Security Advisory 2015-10-15-1
Posted by deepcore under Apple (No Respond)