11 - 2015 - :: Deepquest ::

>> LAN Scan HD v1.20 iOS – Command Inject Vulnerability

USER: deepcore // 2015-11-05 // 0 CMT

The Vulnerability Laboratory Core Research Team discovered a local command inject vulnerability in the LAN Scan HD v1.20 iOS mobile application.

[EXPLOIT]

>> FreeType 2.6.1 TrueType Parsing Heap-Based Out Of Bounds Read

USER: deepcore // 2015-11-05 // 0 CMT

Heap-based out-of-bounds memory reads have been encountered in FreeType in the handling of the cmap (format 14) SFNT table.

[EXPLOIT]

>> ATutor 2.2 File Upload

USER: deepcore // 2015-11-05 // 0 CMT

ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.

[EXPLOIT]

>> ATutor 2.2 Cross Site Scripting

USER: deepcore // 2015-11-05 // 0 CMT

ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.

[EXPLOIT]

>> ATutor 2.2 PHP Code Injection

USER: deepcore // 2015-11-05 // 0 CMT

ATutor versions 2.2 and below suffer from a remote php code injection vulnerability.

[EXPLOIT]

>> Piwik 2.14.3 Local File Inclusion

USER: deepcore // 2015-11-05 // 0 CMT

Piwik version 2.14.3 and below suffer from a local file inclusion vulnerability.

[EXPLOIT]

>> Piwik 2.14.3 PHP Object Injection

USER: deepcore // 2015-11-05 // 0 CMT

Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution.

[SECURITY]

>> [webapps] – vBulletin 5.1.x – PreAuth 0day Remote Code Execution Exploit

USER: deepcore // 2015-11-05 // 0 CMT

vBulletin 5.1.x – PreAuth 0day Remote Code Execution Exploit

[SECURITY]

>> [webapps] – JSSE SKIP-TLS Exploit

USER: deepcore // 2015-11-05 // 0 CMT

JSSE SKIP-TLS Exploit

[SECURITY]

>> [webapps] – OpenSSL Alternative Chains Certificate Forgery

USER: deepcore // 2015-11-05 // 0 CMT

OpenSSL Alternative Chains Certificate Forgery

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: