Archive for March, 2017

Just Another Video Script 1.4.3 SQL Injection

Posted by deepcore under exploit

Just Another Video Script version 1.4.3 suffers from a remote SQL injection vulnerability.

PHP Real Estate Property Script SQL Injection

Posted by deepcore under exploit

PHP Real Estate Property Script suffers from a remote SQL injection vulnerability.

Hotel Booking Script 1.0 SQL Injection

Posted by deepcore under exploit

Hotel Booking Script version 1.0 suffers from a remote SQL injection vulnerability.

Tour Package Booking 1.0 SQL Injection

Posted by deepcore under exploit

Tour Package Booking version 1.0 suffers from a remote SQL injection vulnerability.

Microsoft Visual Studio 2015 Update 3 Denial Of Service

Posted by deepcore under exploit

Microsoft Visual Studio 2015 Update 3 suffers from a denial of service vulnerability.

Parcel Delivery Booking Script 1.0 SQL Injection

Posted by deepcore under exploit

Parcel Delivery Booking Script version 1.0 suffers from a remote SQL injection vulnerability.

Farmer's Fridge Kiosk 2.0.0 Information Disclosure

Posted by deepcore under exploit

Farmer’s Fridge Kiosk version 2.0.0 suffers from an unprotected event log information disclosure vulnerability as well as unauthenticated request issues.

inoERP 0.6.1 CSRF / XSS / SQL Injection

Posted by deepcore under exploit

inoERP version 0.6.1 suffers from cross site request forgery, cross site scripting, session fixation, and remote SQL injection vulnerabilities.

Samba Symlink Race Permits Opening Files

Posted by deepcore under exploit

Samba suffers from a symlink race that permits opening files outside of the share directory.

GitHub Enterprise Default Session Secret And Deserialization

Posted by deepcore under exploit

This Metasploit module exploits two security issues in GitHub Enterprise versions 2.8.0 – 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allows the malicious Ruby object to […]