Archive for November, 2016

OwnCloud / NextCloud 10.0.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

The latest Nextcloud 10.0.1 release in OwnCloud appears to be missing multiple patches for cross site scripting and more.

VBScript CRegExp::Execute Uninitialized Memory Use

Posted by deepcore under exploit (No Respond)

A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and execute arbitrary code. This includes all versions of Microsoft Internet Explorer.

Aruba Networks AOS 6.3.1.19 Improper Authentication

Posted by deepcore under exploit (No Respond)

Aruba Networks AOS version 6.3.1.19 has a special key combination that escalates privileges.

Piwik 2.16.0 PHP Object Injection

Posted by deepcore under exploit (No Respond)

Piwik version 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.

NodCMS Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

NodCMS suffers from a cross site request forgery vulnerability.

Ultra Light Blog SQL Injection

Posted by deepcore under exploit (No Respond)

Ultra Light Blog suffers from a remote SQL injection vulnerability that allows for authentication bypass.

NodCMS Cross Site Scripting

Posted by deepcore under exploit (No Respond)

NodCMS suffers from a cross site scripting vulnerability.

NodCMS PHP Code Execution

Posted by deepcore under exploit (No Respond)

NodCMS suffers from a code execution vulnerability by leveraging a cross site request forgery vulnerability.

Faraznet CMS 4.x Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Faraznet CMS version 4.x suffers from a cross site scripting vulnerability.

Verint Impact 360 11.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Verint Impact 360 version 11.1 suffers from a cross site scripting vulnerability.