3 - 2016 - :: Deepquest ::

[SECURITY]

>> [webapps] – WordPress Image Export Plugin 1.1.0 – Arbitrary File Disclosure

USER: deepcore // 2016-03-21 // 0 CMT

WordPress Image Export Plugin 1.1.0 – Arbitrary File Disclosure

[SECURITY]

>> [webapps] – WordPress Import CSV Plugin 1.0 – Directory Traversal

USER: deepcore // 2016-03-21 // 0 CMT

WordPress Import CSV Plugin 1.0 – Directory Traversal

[EXPLOIT]

>> XOOPS 2.5.7.2 Directory Traversal

USER: deepcore // 2016-03-20 // 0 CMT

XOOPS version 2.5.7.2 has checks to defend against directory traversal attacks. However, they can be easily bypassed by simply issuing “…/./” instead of “../”.

[EXPLOIT]

>> XOOPS 2.5.7.2 Cross Site Request Forgery

USER: deepcore // 2016-03-20 // 0 CMT

XOOPS version 2.5.7.2 suffers from a cross site request forgery vulnerability.

[EXPLOIT]

>> Avira PE Section Header Parsing Heap Underflow

USER: deepcore // 2016-03-20 // 0 CMT

Avira suffers from a heap underflow vulnerability when parsing PE section headers.

[EXPLOIT]

>> iTop 2.2.1 Cross Site Request Forgery

USER: deepcore // 2016-03-20 // 0 CMT

High-Tech Bridge Security Research Lab discovered a remote code execution vulnerability in iTop that is exploitable via cross site request forgery flaw that is also present in the application. The…

[EXPLOIT]

>> Dating Pro Genie 2015.7 Cross Site Request Forgery

USER: deepcore // 2016-03-20 // 0 CMT

High-Tech Bridge Security Research Lab discovered multiple cross site request forgery (CSRF) vulnerabilities in a popular dating social network Dating Pro. A remote unauthenticated attacker can perform CSRF attacks to…