Archive for January, 2018

NEC Univerge SV9100/SV8100 WebPro 10.0 Remote Configuration Download

Posted by deepcore under exploit (No Respond)

NEC Univerge SV9100/SV8100 WebPro version 10.0 suffers from a remote configuration download vulnerability. The gzipped telephone system configuration file ‘config.gz’ or ‘config.pcpx’, which contains the unencrypted data file ‘conf.pcpn’, can be downloaded by an attacker from the root directory if a privileged user has previously generated it.

[local] Sync Breeze Enterprise 9.5.16 – 'Import Command' Buffer Overflow (Metasploit)

Posted by deepcore under Security (No Respond)

Sync Breeze Enterprise 9.5.16 – ‘Import Command’ Buffer Overflow (Metasploit)


[papers] HackSysTeam Windows Kernel Vulnerable Driver: Type Confusion Vulnerability Exploitation

Posted by deepcore under Security (No Respond)

HackSysTeam Windows Kernel Vulnerable Driver: Type Confusion Vulnerability Exploitation


[local] Oracle VirtualBox < 5.1.30 / < 5.2-rc1 – Guest to Host Escape

Posted by deepcore under Security (No Respond)

Oracle VirtualBox < 5.1.30 / < 5.2-rc1 – Guest to Host Escape


[remote] GoAhead Web Server 2.5 < 3.6.5 – HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)

Posted by deepcore under Security (No Respond)

GoAhead Web Server 2.5 < 3.6.5 – HTTPd 'LD_PRELOAD' Arbitrary Module Load (Metasploit)


[remote] RAVPower 2.000.056 – Root Remote Code Execution

Posted by deepcore under Security (No Respond)

RAVPower 2.000.056 – Root Remote Code Execution


[webapps] Professional Local Directory Script 1.0 – SQL Injection

Posted by deepcore under Security (No Respond)

Professional Local Directory Script 1.0 – SQL Injection


[webapps] Flexible Poll 1.2 – SQL Injection

Posted by deepcore under Security (No Respond)

Flexible Poll 1.2 – SQL Injection


[webapps] RSVP Invitation Online 1.0 – Cross-Site Request Forgery (Update Admin)

Posted by deepcore under Security (No Respond)

RSVP Invitation Online 1.0 – Cross-Site Request Forgery (Update Admin)


[papers] Hardcore SAP Penetration Testing

Posted by deepcore under Security (No Respond)

Hardcore SAP Penetration Testing
