Subscribe via feed.
Archive for November, 2015

ZTE ADSL ZXV10 W300 Authorization / Disclosure / Backdoor

Posted by deepcore under exploit (No Respond)

ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.

Joomla Content History SQL Injection Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a SQL injection vulnerability found in Joomla versions 3.2 up to 3.4.4. The vulnerability exists in the Content History administrator component in the core of Joomla. Triggering the SQL injection makes it possible to retrieve active Super User sessions. The cookie can be used to login to the Joomla administrator backend. […]

SHAREit WebShare 2.3.80 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

SHAREit WebShare version 2.3.80 suffers from a cross site request forgery vulnerability.

LinkedIn Cross Site Scripting

Posted by deepcore under exploit (No Respond)

The Help Forum on LinkedIn suffered from a cross site scripting vulnerability.

Netwin SurgeFTP 23d6 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Netwin SurgeFTP server version 23d6 suffers from multiple stored cross site scripting vulnerabilities.

SuperScan 4.1 Buffer Overflow

Posted by deepcore under exploit (No Respond)

SuperScan version 4.1 suffers from multiple buffer overflow vulnerabilities. Three exploits included.

Google Chrome Integer Overflow

Posted by deepcore under exploit (No Respond)

There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane memory bounds when parsing the contents of a vcdiff windowThere’s an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used […]

Cambium ePMP 1000 Command Injection / Privilege Escalation

Posted by deepcore under exploit (No Respond)

Cambium ePMP 1000 suffers from a remote OS command injection and privilege escalation vulnerabilities.

Chkrootkit Local Privilege Escalation

Posted by deepcore under exploit (No Respond)

Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privsec. WfsDelay is set to 24h, since this is how often a chkrootkit scan is scheduled by default.

[webapps] – Cambium ePMP 1000 – Multiple Vulnerabilities

Posted by deepcore under Security (No Respond)

Cambium ePMP 1000 – Multiple Vulnerabilities

Tags: ,