Archive for October, 2016

HTA Web Server

Posted by deepcore under exploit

This Metasploit module hosts an HTML Application (HTA) that, when opened, will run a payload via PowerShell. When a user navigates to the HTA file, they will be prompted by IE twice before the payload is executed.

Adobe Flash Player 23.0.0.162 ConstantPool Memory Corruption

Posted by deepcore under exploit

Adobe Flash Player version 23.0.0.162 suffers from a critical .swf ConstantPool memory corruption vulnerability.

Categorizator 0.3.1 SQL Injection

Posted by deepcore under exploit

Categorizator version 0.3.1 suffers from a remote SQL injection vulnerability.

OpenCimetiere 3.0.0-a5 Blind SQL Injection

Posted by deepcore under exploit

OpenCimetiere version 3.0.0-a5 suffers from a remote blind SQL injection vulnerability.

ApPHP MicroCMS 3.9.5 Cross Site Request Forgery

Posted by deepcore under exploit

ApPHP MicroCMS version 3.9.5 suffers from a cross site request forgery vulnerability.

Minecraft 1.6.61 Privilege Escalation

Posted by deepcore under exploit

The launcher in Minecraft version 1.6.61 suffers from insecure file permissions that can lead to privilege escalation.

BirdBlog 1.4.0 Cross Site Request Forgery

Posted by deepcore under exploit

BirdBlog version 1.4.0 suffers from a cross site request forgery vulnerability.

ApPHP MicroCMS 3.9.5 Cross Site Scripting

Posted by deepcore under exploit

ApPHP MicroCMS version 3.9.5 suffers from a persistent cross site scripting vulnerability.

ApPHP MicroBlog 1.0.2 Cross Site Request Forgery

Posted by deepcore under exploit

ApPHP MicroBlog version 1.0.2 suffers from a cross site request forgery vulnerability.

phpEnter 4.2.7 Cross Site Request Forgery

Posted by deepcore under exploit

phpEnter version 4.2.7 suffers from a cross site request forgery vulnerability.