Telegram (API) Cross Site Request Forgery
Posted by deepcore under exploit (No Respond)
Telegram (API) suffers from a cross site request forgery vulnerability.
Archive for January, 2016
WordPress Appointment Booking Calendar 1.1.24 Escalation / XSS
Posted by deepcore under exploit (No Respond)
WordPress Appointment Booking Calendar plugin versions 1.1.24 and below suffer from privilege escalation and cross site scripting vulnerabilities.
Trend Micro Direct Pass Filter Bypass / CSRF
Posted by deepcore under exploit (No Respond)
Trend Micro Direct Pass suffers from filter bypass and cross site scripting vulnerabilities.
VLC Media Player 2.2.1 Heap Memory Corruption
Posted by deepcore under exploit (No Respond)
VLC Media Player version 2.2.1 suffers from a heap memory corruption vulnerability when handling malformed mp4 files.
WordPress Appointment Booking Calendar 1.1.24 SQL Injection
Posted by deepcore under exploit (No Respond)
WordPress Appointment Booking Calendar plugin version 1.1.24 suffers from a remote SQL injection through addslashes.
Horizon HD / WiFi Weak WiFi Passphrase Generation
Posted by deepcore under exploit (No Respond)
Horizon HD / WiFi suffers from a weak wifi passphrase generation vulnerability.
Ipswitch MOVEit DMZ 8.1 Authorization Bypass
Posted by deepcore under exploit (No Respond)
Ipswitch MOVEit DMZ versions 8.1 and below suffer from an authorization bypass vulnerability.
Ipswitch MOVEit DMZ 8.1 Persistent Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Ipswitch MOVEit DMZ versions 8.1 and below suffer from a persistent cross site scripting vulnerability.
Ipswitch MOVEit DMZ 8.1 File ID Enumeration
Posted by deepcore under exploit (No Respond)
Ipswitch MOVEit DMZ versions 8.1 and below suffer from a file id enumeration vulnerability.
Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Request Forgery
Posted by deepcore under exploit (No Respond)
Ipswitch MOVEit Mobile versions 1.2.0.962 and below suffer from a cross site request forgery vulnerability.