Archive for June, 2016

Airia Shell Upload

Posted by deepcore under exploit (No Respond)

Airia suffers from a remote shell upload vulnerability.

Tomabo M3U SEH Based Stack Buffer Overflow

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a stack overflow in Tomabo MP4 Player versions 3.11.6 and below. When the application is used to open a specially crafted m3u file, a buffer is overwritten, allowing for the execution of arbitrary code.

ACROS Security 0patch 2016.05.19.539 Privilege Escalation

Posted by deepcore under exploit (No Respond)

ACROS Security 0patch (0PatchServicex64.exe) version 2016.05.19.539 suffers from an unquoted service path privilege escalation vulnerability.

Symphony CMS 2.6.7 Session Fixation

Posted by deepcore under exploit (No Respond)

Symphony CMS version 2.6.7 suffers from a session fixation vulnerability.

sNews CMS 1.7.1 CSRF / Cross Site Scripting / Code Execution

Posted by deepcore under exploit (No Respond)

sNews CMS version 1.7.1 suffers from cross site request forgery, cross site scripting, and remote code execution vulnerabilities.

Apple Security Advisory 2016-06-20-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-06-20-1 – AirPort Base Station Firmware Update 7.6.7 and 7.7.7 is now available and addresses an arbitrary code execution vulnerability.

[webapps] – Radiant CMS 1.1.3 – Multiple Persistent XSS Vulnerabilities

Posted by deepcore under Security (No Respond)

Radiant CMS 1.1.3 – Multiple Persistent XSS Vulnerabilities

[webapps] – YetiForce CRM < 3.1 – Persistent XSS

Posted by deepcore under Security (No Respond)

YetiForce CRM < 3.1 – Persistent XSS

[local] – Linux – ecryptfs and /proc/$pid/environ Privilege Escalation

Posted by deepcore under Security (No Respond)

Linux – ecryptfs and /proc/$pid/environ Privilege Escalation

[webapps] – SAP NetWeaver AS JAVA 7.1 – 7.5 – ctcprotocol Servlet XXE

Posted by deepcore under Security (No Respond)

SAP NetWeaver AS JAVA 7.1 – 7.5 – ctcprotocol Servlet XXE
