Archive for January, 2017

Adobe Flash 24.0.0.186 Code Execution

Posted by deepcore under exploit (No Respond)

This documented vulnerability allows a remote attacker to execute malicious code or access part of the dynamically allocated memory. It requires user interaction: when a user visits a web page or opens a specially crafted SWF file, an attacker is able to create an “out of bound” memory corruption. A file with an “ActionRecord” structure that […]

Ansible 2.1.4 / 2.2.1 Command Execution

Posted by deepcore under exploit (No Respond)

During a summary code review of Ansible, Computest found and exploited several issues that allow a compromised host to execute commands on the Ansible controller and thus gain access to the other hosts controlled by that controller. Versions 2.1.4 and 2.2.1 are affected.

Cisco Firepower Management Console 6.0 Post Authentication UserAdd

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a vulnerability found in Cisco Firepower Management Console. The management system contains a configuration flaw that allows the www user to execute the useradd binary, which can be abused to create backdoor accounts. Authentication is required to exploit this vulnerability.

http://www.norasingha.go.th

Posted by deepcore under defacement (No Respond)

http://www.norasingha.go.th notified by !~ Ar.H.Hacker ~!

Salesforce (Event Registration) – Persistent Vulnerability

Posted by deepcore under exploit (No Respond)

The vulnerability laboratory core research team discovered an application-side input validation vulnerability and mail…

DiskBoss Enterprise 7.5.12 POST Buffer Overflow

Posted by deepcore under exploit (No Respond)

DiskBoss Enterprise version 7.5.12 POST SEH buffer overflow exploit.

Make Or Break 1.7 SQL Injection

Posted by deepcore under exploit (No Respond)

Make or Break version 1.7 suffers from a remote SQL injection vulnerability.

Starting Page 1.3 SQL Injection

Posted by deepcore under exploit (No Respond)

Starting Page version 1.3 suffers from a remote SQL injection vulnerability.

FMyLife Clone Script Pro Edition 1.1 Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

FMyLife Clone Script Pro Edition version 1.1 suffers from a cross site request forgery vulnerability.

WordPress WP Support Plus Responsive Ticket System 7.1.3 Privilege Escalation

Posted by deepcore under exploit (No Respond)

WordPress WP Support Plus Responsive Ticket System plugin version 7.1.3 suffers from a privilege escalation vulnerability.