Graphite2 TtfUtil::CmapSubtable4NextCodepoint Buffer Overread
Posted by deepcore under exploit (No Respond)
Graphite2 suffers from a heap-based over-read in TtfUtil::CmapSubtable4NextCodepoint.
Archive for May, 2016
Graphite2 NameTable::getName Out-Of-Bounds Read
Posted by deepcore under exploit (No Respond)
Graphite2 suffers from multiple heap-based out-of-bounds reads in NameTable::getName.
HP Data Protector A.09.00 Command Execution
Posted by deepcore under exploit (No Respond)
HP Data Protector version A.09.00 suffers from an arbitrary command execution vulnerability.
EduSec 4.2.5 SQL Injection
Posted by deepcore under exploit (No Respond)
EduSec version 4.2.5 suffers from multiple remote SQL injection vulnerabilities.
Real Estate Portal 4.1 Remote Code Execution
Posted by deepcore under exploit (No Respond)
Real Estate Portal version 4.1 suffers from a remote code execution vulnerability via a remote shell upload.
Real Estate Portal 4.1 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Real Estate Portal version 4.1 suffers from multiple persistent cross site scripting vulnerabilities.
Micro Focus Rumba+ 9.4 Buffer Overflow
Posted by deepcore under exploit (No Respond)
Micro Focus Rumba+ version 9.4 suffers from multiple stack buffer overflow vulnerabilities.
WordPress Ninja Forms Unauthenticated File Upload
Posted by deepcore under exploit (No Respond)
Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.
[webapps] – PHP Realestate Script Script 4.9.0 – SQL Injection
Posted by deepcore under Security (No Respond)
[remote] – HP Data Protector A.09.00 – Arbitrary Command Execution
Posted by deepcore under Security (No Respond)