Apple Security Advisory 2017-10-05-1
Posted by deepcore under Apple (No Respond)
Archive for October, 2017
[dos] PyroBatchFTP 3.17 – Buffer Overflow (SEH)
Posted by deepcore under Security (No Respond)
http://dopapedia.dopa.go.th/007.html
Posted by deepcore under defacement (No Respond)
http://dopapedia.dopa.go.th/007.html notified by Probiltar ISIS
Tags: defacement[local] Microsoft Windows 10 x64 RS2 – 'win32kfull!bFill' Pool Overflow
Posted by deepcore under Security (No Respond)
WebKit JSC Incorrect Optimization
Posted by deepcore under exploit (No Respond)
A proof of concept has been released that bypasses the fix for the original finding regarding an incorrect optimization in BytecodeGenerator::emitGetByVal in WebKit JSC.
e2openplugin OpenWebif 1.2.4 Code Execution
Posted by deepcore under exploit (No Respond)
e2openplugin OpenWebif versions 0.2.9 through 1.2.4 suffer from a code execution vulnerability.
ERS Data System 1.8.1 Java Deserialization
Posted by deepcore under exploit (No Respond)
ERS Data System version 1.8.1 suffers from a java deserialization vulnerability.
Apache Tomcat JSP Upload Bypass / Remote Code Execution
Posted by deepcore under exploit (No Respond)
Apache Tomcat versions prior to 9.0.1 (Beta), 8.5.23, 8.0.47, and 7.0.8 suffer from a jsp upload bypass vulnerability that allows for remote code execution.
EPESI 1.8.2 Revision 20170830 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
EPESI version 1.8.2 revision 20170830 suffers from a cross site scripting vulnerability.
Fiberhome AN5506-04-F Command Injection
Posted by deepcore under exploit (No Respond)
Fiberhome AN5506-05-F suffers from a command injection vulnerability.
