Archive for January, 2016

[remote] – TrendMicro node.js HTTP Server Listening on localhost Can Execute Commands

Posted by deepcore under Security (No Responses)

TrendMicro node.js HTTP Server Listening on localhost Can Execute Commands


WordPress AzonPop 1.0.0 SQL Injection

Posted by deepcore under exploit (No Responses)

WordPress AzonPop plugin version 1.0.0 suffers from a remote SQL injection vulnerability.

Adobe Flash Stage Setting Use-After-Free

Posted by deepcore under exploit (No Responses)

Proof of concept code that demonstrates a use-after-free when setting stage in Adobe Flash.

Adobe Flash Display Rendering Use-After-Free

Posted by deepcore under exploit (No Responses)

There is a use-after-free in Adobe Flash that appears to be related to rendering the display based on multiple scripts.

Adobe Flash BlurFilter Out-Of-Bounds Memset

Posted by deepcore under exploit (No Responses)

Adobe Flash suffers from an out-of-bounds memset in BlurFilter processing.

Cacti 0.8.8f graphs_new.php SQL Injection

Posted by deepcore under exploit (No Responses)

Cacti versions 0.8.8f and below suffer from a remote SQL injection vulnerability in graphs_new.php.

Netgear 1.0.0.24 Cross Site Scripting

Posted by deepcore under exploit (No Responses)

Netgear router version 1.0.0.24 suffers from a cross-site scripting vulnerability.

AVM FRITZ!OS HTML Injection

Posted by deepcore under exploit (No Responses)

AVM FRITZ!OS versions prior to 6.30 suffer from an HTML injection vulnerability.

TrueCrypt 7.1a / 7.2 DLL Hijacking

Posted by deepcore under exploit (No Responses)

TrueCrypt versions 7.1a and 7.2 suffer from a DLL hijacking vulnerability with their installers.

WordPress Symposium Pro Social 15.12 XSS / CSRF

Posted by deepcore under exploit (No Responses)

WordPress Symposium Pro Social plugin version 15.12 suffers from cross-site request forgery and cross-site scripting vulnerabilities.