Archive for May, 2016

Bugcrowd Persistent Script Injection / Filter Bypass

Posted by deepcore under exploit (No Respond)

Bugcrowd’s web application suffered from a filter bypass and malicious script insertion vulnerability.

dotCMS Email Header Injection

Posted by deepcore under exploit (No Respond)

dotCMS versions prior to 3.5 and 3.3.2 suffer from an email header injection vulnerability.

Open-Xchange OX AppSuite 7.8.0 XSS / Open Redirect

Posted by deepcore under exploit (No Respond)

Open-Xchange OX AppSuite versions 7.8.0 and below suffer from cross site scripting, open redirection, and argument injection vulnerabilities.

Teampass 2.1.25 Unauthenticated Access

Posted by deepcore under exploit (No Respond)

Teampass version 2.1.25 suffers from an unauthenticated access vulnerability.

Teampass 2.1.25 Arbitrary File Download

Posted by deepcore under exploit (No Respond)

Teampass version 2.1.25 suffers from an arbitrary file download vulnerability.

PHP CRUD 1.4 Backdoor Accounts

Posted by deepcore under exploit (No Respond)

PHP CRUD version 1.4 comes installed with weakly protected backdoor accounts.

VMware vSphere Web Client 6.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

VMware vSphere Web Client versions 5.1 through 6.0 suffer from a Flash cross site scripting vulnerability.

Graphite2 GlyphCache::GlyphCache Buffer Overflow

Posted by deepcore under exploit (No Respond)

Graphite2 suffers from a heap-based buffer overflow in GlyphCache::GlyphCache.

Graphite2 GlyphCache::Loader Buffer Overread

Posted by deepcore under exploit (No Respond)

Graphite2 suffers from multiple heap-based over-reads in GlyphCache::Loader.

Graphite2 TtfUtil::CheckCmapSubtable12 Buffer Overread

Posted by deepcore under exploit (No Respond)

Graphite2 suffers from a heap-based over-read in TtfUtil::CheckCmapSubtable12.