Infoblox 7.0.1 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Infoblox versions 7.0.1 suffers from a cross site scripting vulnerability.
Archive for September, 2016
Adobe ColdFusion 11 XML External Entity Injection
Posted by deepcore under exploit (No Respond)
Adobe ColdFusion versions 11 and below suffer from an XML external entity (XXE) injection vulnerability.
SugarCRM REST Unserialize PHP Code Execution
Posted by deepcore under exploit (No Respond)
This Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary […]
http://www.kiriwong.go.th/usronline.txt
Posted by deepcore under defacement (No Respond)
http://www.kiriwong.go.th/usronline.txt notified by EviL-r00t
Tags: defacement[webapps] – Zabbix 2.0 < 3.0.3 – SQL Injection
Posted by deepcore under Security (No Respond)
[dos] – Adobe Flash – Transform.colorTranform Getter Info Leak
Posted by deepcore under Security (No Respond)
[local] – LogMeIn Client 1.3.2462 (64bit) – Local Credentials Disclosure
Posted by deepcore under Security (No Respond)
[local] – Apple iCloud Desktop Client 5.2.1.0 – Local Credentials Disclosure
Posted by deepcore under Security (No Respond)
[webapps] – Jobberbase 2.0 – Multiple Vulnerabilities
Posted by deepcore under Security (No Respond)
[shellcode] – Windows x86 – Bind Shell TCP Shellcode
Posted by deepcore under Security (No Respond)