Subscribe via feed.
Archive for October, 2016

InfraPower PPS-02-S Q213V1 Authentication Bypass

Posted by deepcore under exploit (No Respond)

InfraPower PPS-02-S Q213V1 suffers from an authentication bypass vulnerability. The device does not properly perform authentication, allowing it to be bypassed through cookie manipulation. The vulnerable function checkLogin() in ‘Function.php’ checks only if the ‘Login’ Cookie is empty or not, allowing easy bypass of the user security mechanisms.

InfraPower PPS-02-S Q213V1 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

InfraPower PPS-02-S Q213V1 suffers from a cross site request forgery vulnerability.

https://ncd.kpo.go.th/chronic/yu1337.html

Posted by deepcore under defacement (No Respond)

https://ncd.kpo.go.th/chronic/yu1337.html notified by ./LegionLeader404

Tags:

http://www.narathiwatpao.go.th/home/images/jdownloads/screenshots/h.gif

Posted by deepcore under defacement (No Respond)

http://www.narathiwatpao.go.th/home/images/jdownloads/screenshots/h.gif notified by NeT.Defacer

Tags:

Apple Security Advisory 2016-10-27-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-10-27-1 – Xcode 8.1 is now available and addresses code execution vulnerabilities.

Tags: , ,

Apple Security Advisory 2016-10-27-2

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-10-27-2 – iCloud for Windows v6.0.1 is now available and addresses input validation and memory corruption vulnerabilities.

Tags: , ,

Apple Security Advisory 2016-10-27-3

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2016-10-27-3 – iTunes 12.5.2 for Windows is now available and addresses information disclosure and code execution vulnerabilities.

Tags: , ,

Mac OS X / iOS mach_ports_register Memory Safety Issues

Posted by deepcore under Apple (No Respond)

Multiple memory safety issues exist in Mac OS X and iOS inside of mach_ports_register.

Tags: , ,

Mac OS X 10.11.6 launchd Message Control

Posted by deepcore under Apple (No Respond)

A logic issue in launchd message requeuing allows arbitrary mach message control. Mac OS X version 10.11.6 is affected.

Tags: , ,

Joomla 3.6.4 Account Creation / Privilege Escalation

Posted by deepcore under exploit (No Respond)

Joomla versions 3.4.4 through 3.6.4 suffer from account creation and privilege escalation vulnerabilities.