Archive for March, 2016

PayPal Bug Bounty #121 – Bypass & Persistent Vulnerability

Posted by deepcore under exploit (No Respond)

Manage Engine Desktop Central 9.1.0 Build 91099 XSS

Posted by deepcore under exploit (No Respond)

Manage Engine Desktop Central version 9.1.0 build 91099 suffers from a cross-site scripting vulnerability.

ATutor 2.2.1 Directory Traversal / Remote Code Execution

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to upload a malicious ZIP file. The web application performs a blacklist verification before extraction; however, it is not sufficient to prevent exploitation. You are required to […]

Docker UI v0.10.0 – Multiple CS CSRF Web Vulnerabilities

Posted by deepcore under exploit (No Respond)

An independent vulnerability laboratory researcher discovered multiple client-side cross-site request forgery vulnerabilities in the official Docker UI web application.

Docker UI v0.10.0 – Multiple Persistent Vulnerabilities

Posted by deepcore under exploit (No Respond)

An independent vulnerability laboratory researcher discovered multiple client-side cross-site request forgery vulnerabilities in the official Docker UI web application.

[webapps] – CubeCart 6.0.10 – Multiple Vulnerabilities

Posted by deepcore under Security (No Respond)


[dos] – Apple Quicktime < 7.7.79.80.95 – FPX File Parsing Memory Corruption 2

Posted by deepcore under Security (No Respond)


[dos] – Kamailio 4.3.4 – Heap-Based Buffer Overflow

Posted by deepcore under Security (No Respond)


[webapps] – WordPress Photocart Link Plugin 1.6 – Local File Inclusion

Posted by deepcore under Security (No Respond)


[remote] – ATutor 2.2.1 Directory Traversal / Remote Code Execution

Posted by deepcore under Security (No Respond)
