[webapps] E-Sic Software livre CMS – 'q' Parameter SQL Injection
Complain Management System Hard-Coded Credentials / Blind SQL Injection
Complain Management System suffers from hard-coded credentials and remote SQL injection vulnerabilities.
ClipShare 7.0 SQL Injection
ClipShare version 7.0 suffers from a remote SQL injection vulnerability.
Apache Tomcat Upload Bypass / Remote Code Execution
Apache Tomcat versions prior to 7.0.8, 8.0.47, 8.5.23, and 9.0.1 (Beta) JSP upload bypass and code execution exploit.
PostgreSQL 10 Installer For Windows DLL Hijacking
The PostgreSQL 10 installer for Windows suffers from a DLL hijacking vulnerability.
Subaru Keyfob Predictable Code
Subaru vehicles suffer from an issue where the rolling code used by the keyfob and car is predictable in the sense that it is not random. It is simply incremental. An attacker can ‘clone’ the keyfob, unlock cars and, by increasing the rolling code by a sufficiently high value, effectively render the user’s keyfob unusable. […]
IBM Notes 8.5 / 9.0 encodeURI Denial Of Service
IBM Notes versions 8.5 and 9.0 encodeURI denial of service exploit.
WordPress TR Easy Google Analytics 1.0.0 Cross Site Scripting
WordPress TR Easy Google Analytics plugin version 1.0.0 suffers from a cross site scripting vulnerability.
WordPress Simple Login Log 1.1.1 SQL Injection
WordPress Simple Login Log plugin version 1.1.1 suffers from multiple remote SQL injection vulnerabilities.