[remote] – Metaphor – Stagefright Exploit with ASLR Bypass
Posted by deepcore under Security (No Respond)
Archive for March, 2016
[dos] – Apple Quicktime < 7.7.79.80.95 – FPX File Parsing Memory Corruption 1
Posted by deepcore under Security (No Respond)
[remote] – LShell <= 0.9.15 – Remote Code Execution
Posted by deepcore under Security (No Respond)
SM Soft Tech CMS 1.0 SQL Injection
Posted by deepcore under exploit (No Respond)
SM Soft Tech CMS XHTML Mobile version 1.0 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
WAP Music CMS 1.0.2 SQL Injection
Posted by deepcore under exploit (No Respond)
WAP Music CMS version 1.0.2 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
D-Link DVG-5402SP CSRF / Brute Force
Posted by deepcore under exploit (No Respond)
D-Link DVG-5402SP with firmware RU_1.01 suffers from brute force and cross site request forgery vulnerabilities.
C2Box 4.0.0(r19171) Validation Bypass
Posted by deepcore under exploit (No Respond)
C2Box versions 4.0.0(r19171) and below suffer from a validation bypass vulnerability.
Adobe Flash PCRE Regex Complication Logic Issue
Posted by deepcore under exploit (No Respond)
There’s a logic error in the PCRE engine version used in Adobe Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.
WordPress Claptastic Clap! Button 1.3 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress Claptastic Clap! Button plugin version 1.3 suffers from a cross site scripting vulnerability.
WordPress CloudFlare 1.3.20 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress CloudFlare plugin version 1.3.20 suffers from a cross site scripting vulnerability.