Archive for December, 2015

ChromiumCart 0.8.1 Arbitrary File Upload

Posted by deepcore under exploit

ChromiumCart version 0.8.1 suffers from an arbitrary file upload vulnerability.

EvolutionScript 5.0 SQL Injection / Cross Site Scripting

Posted by deepcore under exploit

EvolutionScript version 5.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

Deadlock 1.01 Arbitrary File Upload

Posted by deepcore under exploit

Deadlock version 1.01 suffers from an arbitrary file upload vulnerability.

DMarket 1.0 Remote PHP Code Injection

Posted by deepcore under exploit

DMarket version 1.0 suffers from a remote PHP code injection vulnerability.

Docebo LMS 4.0.3 Cross Site Scripting

Posted by deepcore under exploit

Docebo LMS version 4.0.3 suffers from a cross site scripting vulnerability.

Circutor PowerStudio SCADA 4.0.5 Privilege Escalation

Posted by deepcore under exploit

Circutor PowerStudio SCADA version 4.0.5 suffers from an unquoted search path issue impacting the services ‘CircutorPowerStudioScadaServer’ and ‘CircutorPowerStudioServer’ for Windows deployed as part of PowerStudio Series. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to […]

iniNet SpiderControl SCADA Editor 6.30.01 Privilege Escalation

Posted by deepcore under exploit

iniNet SpiderControl SCADA Editor version 6.30.01 suffers from an insecure file permission vulnerability that can lead to privilege escalation.

iniNet SpiderControl PLC Editor Simatic 6.30.04 Privilege Escalation

Posted by deepcore under exploit

SpiderControl PLC Editor Simatic suffers from an elevation of privileges vulnerability which can be used by a simple user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the ‘F’ flag (Full) for the ‘Everyone’ group and the ‘C’ flag (Change) for the ‘Authenticated Users’ group, making […]

iniNet SpiderControl SCADA Web Server Service 2.02 Privilege Escalation

Posted by deepcore under exploit

SpiderControl SCADA Web Server Service suffers from an elevation of privileges vulnerability which can be used by a simple user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the ‘C’ flag (Change) for the ‘Everyone’ and ‘Authenticated Users’ groups, making the entire directory ‘WWW’ […]

GEOVAP Reliance 4 Control Server Privilege Escalation

Posted by deepcore under exploit

GEOVAP Reliance 4 Control Server suffers from an unquoted search path issue impacting the service ‘RelianceOpcDaWrapper’ for Windows deployed as part of Reliance 4 SCADA/HMI system installer including Reliance OPC Server. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would […]