WordPress Neuvoo-Jobroll 2.0 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress plugin Neuvoo-Jobroll version 2.0 suffers from a reflective cross site scripting vulnerability.
Archive for November, 2015
Ubiquiti Networks Hardcoded Keys / Remote Management
Posted by deepcore under exploit (No Respond)
Various Ubiquiti Networks products suffer from having hardcoded keys and also having remote management interfaces enabled that can be leveraged by these credentials.
Cryptocat Script Insertion
Posted by deepcore under exploit (No Respond)
Cryptocat versions prior to 2.0.22 are vulnerability to a script injection vulnerability.
OpenSSL Alternative Chains Certificate Forgery
Posted by deepcore under exploit (No Respond)
OpenSSL alternative chains certificate forgery exploit that has been tested on OpenSSL 1.0.2c, 1.0.2b, 1.0.1o, 1.0.1n, and Fedora 22 (1.0.1k-fips). This is a stand-alone ruby exploit and does not require Metasploit.
Java Secure Socket Extension (JSSE) SKIP-TLS
Posted by deepcore under exploit (No Respond)
Java Secure Socket Extension (JSSE) SKIP-TLS exploit that has been tested on JDK 8u25 and 7u72. This is a stand-alone ruby exploit and does not require Metasploit.
China Chopper Caidao PHP Backdoor Code Execution
Posted by deepcore under exploit (No Respond)
This Metasploit module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers.
[remote] – Solarwinds Log and Event Manager/Trigeo SIM 6.1.0 – Remote Command Execution
Posted by deepcore under Security (No Respond)
Solarwinds Log and Event Manager/Trigeo SIM 6.1.0 – Remote Command Execution
Tags: 0day, remote exploit[webapps] – NXFilter 3.0.3 – CSRF Vulnerabilities
Posted by deepcore under Security (No Respond)
[papers] – Win32_bind Shellcode Review
Posted by deepcore under Security (No Respond)
[webapps] – NXFilter 3.0.3 – Multiple XSS Vulnerabilities
Posted by deepcore under Security (No Respond)
