Archive for November, 2015

LAN Scan HD v1.20 iOS – Command Inject Vulnerability

Posted by deepcore under exploit (No Respond)

The Vulnerability Laboratory Core Research Team discovered a local command injection vulnerability in the LAN Scan HD v1.20 iOS mobile application.

FreeType 2.6.1 TrueType Parsing Heap-Based Out Of Bounds Read

Posted by deepcore under exploit (No Respond)

Heap-based out-of-bounds memory reads have been encountered in FreeType in the handling of the cmap (format 14) SFNT table.

ATutor 2.2 File Upload

Posted by deepcore under exploit (No Respond)

ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.

ATutor 2.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

ATutor versions 2.2 and below suffer from a cross-site scripting vulnerability.

ATutor 2.2 PHP Code Injection

Posted by deepcore under exploit (No Respond)

ATutor versions 2.2 and below suffer from a remote PHP code injection vulnerability.

Piwik 2.14.3 Local File Inclusion

Posted by deepcore under exploit (No Respond)

Piwik versions 2.14.3 and below suffer from a local file inclusion vulnerability.

Piwik 2.14.3 PHP Object Injection

Posted by deepcore under exploit (No Respond)

Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution.

[webapps] – vBulletin 5.1.x – PreAuth 0day Remote Code Execution Exploit

Posted by deepcore under Security (No Respond)

vBulletin 5.1.x – PreAuth 0day Remote Code Execution Exploit


[webapps] – JSSE SKIP-TLS Exploit

Posted by deepcore under Security (No Respond)

JSSE SKIP-TLS Exploit


[webapps] – OpenSSL Alternative Chains Certificate Forgery

Posted by deepcore under Security (No Respond)

OpenSSL Alternative Chains Certificate Forgery
