6 - 2016 - :: Deepquest ::

>> [webapps] – Airia – (Add content) CSRF

USER: deepcore // 2016-06-20 // 0 CMT

Airia – (Add content) CSRF

>> [shellcode] – Windows XP – 10 – Download & Execute Shellcode

USER: deepcore // 2016-06-20 // 0 CMT

Windows XP – 10 – Download & Execute Shellcode

>> [webapps] – sNews CMS 1.7.1 – Multiple Vulnerabilities

USER: deepcore // 2016-06-20 // 0 CMT

sNews CMS 1.7.1 – Multiple Vulnerabilities

>> [local] – Tomabo MP4 Player 3.11.6 – SEH Based Stack Overflow (msf)

USER: deepcore // 2016-06-20 // 0 CMT

Tomabo MP4 Player 3.11.6 – SEH Based Stack Overflow (msf)

>> [webapps] – WordPress Ultimate Product Catalog Plugin 3.8.1 – Privilege Escalation

USER: deepcore // 2016-06-20 // 0 CMT

WordPress Ultimate Product Catalog Plugin 3.8.1 – Privilege Escalation

>> Adobe Flash Player DLL Hijacking

USER: deepcore // 2016-06-18 // 0 CMT

Adobe Flash Player versions prior to 22.0.0.192 and 18.0.0.360 suffer from a DLL hijacking vulnerability.

>> Tiki Wiki CMS Calendar Remote Code Execution

USER: deepcore // 2016-06-18 // 0 CMT

Tiki Wiki CMS Calendar versions 14.2, 12.5 LTS, 9.11 LTS, and 6.15 suffer from a remote code execution vulnerability.

>> phpATM 1.32 Remote Command Execution / Shell Upload

USER: deepcore // 2016-06-18 // 0 CMT

phpATM version 1.32 suffers from a remote shell upload vulnerability.

>> Microsoft Internet Explorer 11 Garbage Collector Attribute Type Confusion

USER: deepcore // 2016-06-18 // 0 CMT

With MS16-063, Microsoft has patched CVE-2016-0199 which relates to a memory corruption bug in the garbage collector of the JavaScript engine used in Internet Explorer 11.

>> WordPress Gravity Forms 1.8.19 Shell Upload

USER: deepcore // 2016-06-18 // 0 CMT

WordPress Gravity Forms plugin version 1.8.19 suffers from a remote shell upload vulnerability.