Archive for July, 2016

XpoLog Center 6 XSS / CSRF / Open Redirect

Posted by deepcore under exploit (No Respond)

XpoLog version 6 suffers from cross site scripting, open redirection, and cross site request forgery vulnerabilities.

XpoLog Center 6 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

XpoLog version 6 suffers from a cross site request forgery vulnerability.

Ubuntu 16.04 Netfilter target_offset Out-Of-Bounds Local Root

Posted by deepcore under exploit (No Respond)

Ubuntu Linux 16.04 local root exploit that leverages a netfilter target_offset out-of-bounds vulnerability.

24 Online 8.3.7 Build 9.0 SQL Injection

Posted by deepcore under exploit (No Respond)

24 Online version 8.3.7 build 9.0 suffers from a remote SQL injection vulnerability.

WebCalendar 1.2.7 PHP Code Injection

Posted by deepcore under exploit (No Respond)

WebCalendar version 1.2.7 suffers from a PHP code injection vulnerability.

KWSPHP CMS 1.6.995 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

KWSPHP CMS version 1.6.995 suffers from a persistent cross site scripting vulnerability.

eCardMAX 10.5 Cross Site Scripting / SQL Injection

Posted by deepcore under exploit (No Respond)

eCardMAX version 10.5 suffers from cross site scripting and remote SQL injection vulnerabilities.

WebCalendar 1.2.7 CSRF Bypass

Posted by deepcore under exploit (No Respond)

WebCalendar version 1.2.7 attempts to use the HTTP Referer header to check that requests originate from the same server. However, this check can be easily defeated by simply not sending a Referer header.

Syslog Server 1.2.3 Denial Of Service

Posted by deepcore under exploit (No Respond)

Syslog Server version 1.2.3 for Windows suffers from a remote denial of service vulnerability.

Apple Safari 9.1.1 Local XXE Injection

Posted by deepcore under exploit (No Respond)

Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.