Archive for January, 2016

Microsoft IExpress DLL Hijacking

Posted by deepcore under exploit (No Respond)

Microsoft IExpress suffers from a DLL hijacking vulnerability.

Telisca IPS Lock 2 Phone Unlock

Posted by deepcore under exploit (No Respond)

Telisca IPS Lock 2 suffers from an unauthenticated phone unlocking vulnerability. Metasploit module included.

ManageEngine Application Manager XSS / CSRF / Privilege Escalation

Posted by deepcore under exploit (No Respond)

ManageEngine Application Manager 12 suffers from cross site request forgery, privilege escalation, and cross site scripting vulnerabilities.

ManageEngine Application Manager 12.5 Command Execution

Posted by deepcore under exploit (No Respond)

ManageEngine Application Manager version 12.5 remote command execution exploit.

Bitrix mcart.xls 6.5.2 SQL Injection

Posted by deepcore under exploit (No Respond)

Bitrix mcart.xls module versions 6.5.2 and below suffer from a remote SQL injection vulnerability.

WhatsUp Gold 16.3 Remote Code Execution

Posted by deepcore under exploit (No Respond)

WhatsUp Gold version 16.3 suffers from an unauthenticated remote code execution vulnerability.

SevOne NMS 5.3.60 Remote Root

Posted by deepcore under exploit (No Respond)

SevOne NMS versions 4.3.6.0 and below remote root exploit.

Roundcube 1.1.3 Path Traversal

Posted by deepcore under exploit (No Respond)

Roundcube version 1.1.3 suffers from a path traversal vulnerability.

dbaudio R1 2.14.4 Privilege Escalation

Posted by deepcore under exploit (No Respond)

dbaudio version R1 2.14.4 and DNS-SD version 379.32.2 suffer from an unquoted search path issue impacting the service ‘dbaudio DNS-SD’ for Windows deployed as part of dbaudio R1. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

[dos] – NetSchedScan 1.0 – Crash PoC

Posted by deepcore under Security (No Respond)

NetSchedScan 1.0 – Crash PoC
