Archive for February, 2016

D-Link DSL-2750B Remote Command Execution

Posted by deepcore under exploit

D-Link DSL-2750B firmware versions 1.01 through 1.03 suffer from an unauthenticated remote code execution vulnerability.

Servision HVG Hardcoded Credentials

Posted by deepcore under exploit

Servision HVG with firmware below version 2.2.26a100 suffers from a hard-coded backdoor password vulnerability.

Sophos UTM 9 Cross Site Scripting

Posted by deepcore under exploit

Sophos UTM version 9.350-12 with pattern version 92405 (potentially lower) suffers from a cross site scripting vulnerability.

Node.js HTTP Response Splitting

Posted by deepcore under exploit

Node.js suffers from an HTTP response splitting vulnerability. Node.js versions 5.6.0, 4.3.0, 0.12.10, and 0.10.42 contain a fix for this vulnerability.

ManageEngine EventLog Analyzer 10.8 Privilege Escalation

Posted by deepcore under exploit

ManageEngine EventLog Analyzer version 10.8 suffers from a privilege escalation vulnerability.

Mihalism Multi Host 5.0.3 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit

Mihalism Multi Host version 5.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

PivotX CMS 2.3.10 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit

PivotX CMS version 2.3.10 suffers from cross site request forgery and cross site scripting vulnerabilities.

File Replication Pro 7.2.0 Command Execution / File Disclosure / Traversal

Posted by deepcore under exploit

File Replication Pro versions 7.2.0 and below suffer from remote command execution, file disclosure, and directory traversal vulnerabilities.

Yeager CMS 1.2.1 File Upload / SQL Injection / XSS / SSRF

Posted by deepcore under exploit

Yeager CMS version 1.2.1 suffers from cross site scripting, remote file upload, server-side request forgery, and remote SQL injection vulnerabilities.

Exponent 2.3.7 PHP Code Execution

Posted by deepcore under exploit

Exponent version 2.3.7 suffers from a remote code execution vulnerability.