Joomla BT Media 1.0 SQL Injection
Posted by deepcore under exploit (No Respond)
Joomla BT Media component version 1.0 suffers from a remote SQL injection vulnerability.
Archive for June, 2016
Linux ecryptfs Stack Overflow
Posted by deepcore under exploit (No Respond)
There is a stack overflow in Linux via ecryptfs and /proc/$pid/environ.
Windows Kernel ATMFD.DLL NamedEscape 0x250C Pool Corruption
Posted by deepcore under exploit (No Respond)
The Adobe Type Manager Font Driver (ATMFD.DLL) responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode applications via an undocumented gdi32!NamedEscape API call.
Windows gdi32.dll Out-Of-Bounds Read / Memory Disclosure
Posted by deepcore under exploit (No Respond)
gdi32.dll in Microsoft Windows suffers from a heap-based out-of-bounds reads / memory disclosure vulnerability in multiple DIB-related EMF record handlers.
Windows Custom Font Disable Policy Bypass
Posted by deepcore under exploit (No Respond)
It is possible to bypass the ProcessFontDisablePolicy check in win32k to load a custom font from an arbitrary file on disk even in a sandbox.
dbdiff Cross Site Scripting
Posted by deepcore under exploit (No Respond)
dbdiff suffers from a cross site scripting vulnerability.
WordPress Premium SEO Pack 1.9.1.3 wp_options Overwrite
Posted by deepcore under exploit (No Respond)
WordPress Premium SEO Pack plugin version 1.9.1.3 wp_options overwrite exploit.
CMS Elevel 1.0 Cross Site Scripting / SQL Injection
Posted by deepcore under exploit (No Respond)
CMS Elevel version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
Airia Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Airia suffers from reflective and persistent cross site scripting vulnerabilities.
Airia Cross Site Request Forgery
Posted by deepcore under exploit (No Respond)
Airia suffers from a cross site request forgery vulnerability.