DNSTracer 1.8.1 Buffer Overflow
Posted by deepcore under exploit (No Respond)
DNSTracer version 1.8.1 suffers from a buffer overflow vulnerability.
Archive for June, 2017
BIND 9.10.5 Unquoted Service Path Privilege Escalation
Posted by deepcore under exploit (No Respond)
BIND version 9.10.5 for x86 and x64 on Windows suffers from an unquoted service path vulnerability that can allow for privilege escalation.
Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion
Posted by deepcore under exploit (No Respond)
Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.
Parallels Desktop 12.2.0 Virtual Machine Escape
Posted by deepcore under Apple (No Respond)
http://mekhala.dwr.go.th/69.gif
Posted by deepcore under defacement (No Respond)
http://mekhala.dwr.go.th/69.gif notified by Ninja Hattori
Tags: defacementreiserfstune 3.6.25 Buffer Overflow
Posted by deepcore under exploit (No Respond)
reiserfstune version 3.6.25 suffers from a local buffer overflow vulnerability.
Samba is_known_pipename() Code Execution
Posted by deepcore under exploit (No Respond)
Samba versions 3.5.0 through 4.4.14, 4.5.10, and 4.6.4 is_known_pipename() remote code execution exploit.
WordPress Tribulant Newsletters 4.6.4.2 XSS / File Disclosure
Posted by deepcore under exploit (No Respond)
WordPress Tribulant Newsletters plugin versions 4.6.4.2 and below suffer from cross site scripting and file disclosure vulnerabilities.
WordPress No External Links 3.5.17 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
WordPress No External Links plugin versions 3.5.17 and below suffer from a cross site scripting vulnerability.
Sudo get_process_ttyname() Race Condition
Posted by deepcore under exploit (No Respond)
Sudo’s get_process_ttyname() on Linux suffers from a race condition that allows for root privilege escalation.