Archive for February, 2016
Posted by deepcore under Security (No Respond)
[dos] – GpicView 0.2.5 – Crash PoC
Posted by deepcore under Security (No Respond)
[shellcode] – Linux/ARM – Connect back to {ip:port} with /bin/sh – 95 bytes
Posted by deepcore under Security (No Respond)
[webapps] – Infor CRM 8.2.0.1136 – Multiple HTML Script Injection Vulnerabilities
Posted by deepcore under Security (No Respond)
[remote] – Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit
Posted by deepcore under Security (No Respond)
[webapps] – Zimbra 8.0.9 GA – CSRF Vulnerability
Posted by deepcore under Security (No Respond)
[webapps] – WordPress Ocim MP3 Plugin – SQL Injection Vulnerability
Posted by deepcore under Security (No Respond)
PayPal BB #116 – (Android) Unencrypted Information Issue
Posted by deepcore under exploit (No Respond)
The Vulnerability Laboratory Core Research Team discovered an Unencrypted User's DM & User Information Vulnerability in the official PayPal Inc Mobile API for Android.
WordPress Calculated Fields Form 1.0.x Session Hijacking
Posted by deepcore under exploit (No Respond)
WordPress Calculated Fields Form plugin versions 1.0.x and below suffer from HttpOnly bypass and session hijacking vulnerabilities.
OpenAM Open Redirect
Posted by deepcore under exploit (No Respond)
Compass Security discovered a web application security flaw in the OpenAM application which allows an attacker to launch phishing attacks against users by redirecting them to a malicious website. An attacker is able to create a link that, when visited, will redirect the user to a website of the attacker’s choosing once the victim attempts […]