zTree 3.5.19.1 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
zTree version 3.5.19.1 suffers from a cross site scripting vulnerability.
Archive for November, 2015
Mac OS X Networkd XPC Type Confusion Sandbox Escape
Posted by deepcore under Apple (No Respond)
networkd is the system daemon which implements the com.apple.networkd XPC service. It’s unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network). networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without […]
Tags: Apple, ios, osx[papers] – [Portuguese] Ataques Avançados contra CPL (Control Panel Applets)
Posted by deepcore under Security (No Respond)
[dos] – foobar2000 1.3.9 – (.asx) Local Crash PoC
Posted by deepcore under Security (No Respond)
LineNity WP Premium Theme – File Include Vulnerability
Posted by deepcore under exploit (No Respond)
An independent vulnerability laboratory researcher discovered a file include web vulnerability in the official WordPress LineNity Premium Theme in 2015Q4.
Y-R-S CMS 2015Q4 – (ID) SQL Injection Web Vulnerability
Posted by deepcore under exploit (No Respond)
An independent vulnerability laboratory researcher discovered a remote sql injection web vulnerability in the official Y-R-S Content Management System 2015Q4.
[remote] – D-Link DIR-880L – Multiple Buffer Overflow Vulnerabilities
Posted by deepcore under Security (No Respond)
[remote] – ClipperCMS 1.3.0 – Code Execution Vulnerability
Posted by deepcore under Security (No Respond)
[webapps] – AlegroCart 1.2.8 – Multiple SQL Injection Vulnerabilities
Posted by deepcore under Security (No Respond)
[remote] – XCart 5.2.6 – Code Execution Vulnerability
Posted by deepcore under Security (No Respond)