2 - 2016 - :: Deepquest ::

>> [webapps] phpRPC < 0.7 – Remote Code Execution

USER: deepcore // 2016-02-26 // 0 CMT

phpRPC < 0.7 – Remote Code Execution

>> [dos] – GpicView 0.2.5 – Crash PoC

USER: deepcore // 2016-02-26 // 0 CMT

GpicView 0.2.5 – Crash PoC

>> [shellcode] – Linux/ARM – Connect back to {ip:port} with /bin/sh – 95 bytes

USER: deepcore // 2016-02-26 // 0 CMT

Linux/ARM – Connect back to {ip:port} with /bin/sh – 95 bytes

>> [webapps] – Infor CRM 8.2.0.1136 – Multiple HTML Script Injection Vulnerabilities

USER: deepcore // 2016-02-26 // 0 CMT

Infor CRM 8.2.0.1136 – Multiple HTML Script Injection Vulnerabilities

>> [remote] – Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit

USER: deepcore // 2016-02-26 // 0 CMT

Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit

>> [webapps] – Zimbra 8.0.9 GA – CSRF Vulnerability

USER: deepcore // 2016-02-26 // 0 CMT

Zimbra 8.0.9 GA – CSRF Vulnerability

>> [webapps] – WordPress Ocim MP3 Plugin – SQL Injection Vulnerability

USER: deepcore // 2016-02-26 // 0 CMT

WordPress Ocim MP3 Plugin – SQL Injection Vulnerability

>> PayPal BB #116 – (Android) Unencrypted Information Issue

USER: deepcore // 2016-02-25 // 0 CMT

The Vulnerability Laboratory Core Research Team discovered a Unencrypted User`s DM & User Information Vulnerability in the official PayPal Inc Mobile API for Android.

>> WordPress Calculated Fields Form 1.0.x Session Hijacking

USER: deepcore // 2016-02-25 // 0 CMT

WordPress Calculated Fields Form plugin versions 1.0.x and below suffer from Http_only bypass and session hijacking vulnerabilities.

>> OpenAM Open Redirect

USER: deepcore // 2016-02-25 // 0 CMT

Compass Security discovered a web application security flaw in the OpenAM application which allows an attacker to launch phishing attacks against users by redirecting them to a malicious website. An…