Subscribe via feed.
Archive for February, 2018

Joomla! Proclaim 9.1.1 Shell Upload

Posted by deepcore under exploit (No Respond)

Joomla! Proclaim component version 9.1.1 suffers from a remote shell upload vulnerability.

Joomla! OS Property Real Estate 3.12.7 SQL Injection

Posted by deepcore under exploit (No Respond)

Joomla! OS Property Real Estate component version 3.12.7 suffers from a remote SQL injection vulnerability.

Learning And Examination Management System Script 2.3.1 XSS

Posted by deepcore under exploit (No Respond)

Learning and Examination Management System Script version 2.3.1 suffers from a persistent cross site scripting vulnerability.

Alibaba Clone Script 1.0.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Alibaba Clone Script version 1.0.2 suffers from a persistent cross site scripting vulnerability.

Groupon Clone Script 3.0.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Groupon Clone Script version 3.0.2 suffers from a persistent cross site scripting vulnerability.

AsusWRT LAN Unauthenticated Remote Code Execution

Posted by deepcore under exploit (No Respond)

The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special command mode. This command mode can then […]

CloudMe Sync 1.10.9 Buffer Overflow

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

Disk Savvy Enterprise 10.4.18 Buffer Ovreflow

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.

[papers] From APK to Golden Ticket

Posted by deepcore under Security (No Respond)

From APK to Golden Ticket

Tags: ,

Yab Quarx 2.4.3 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Yab Quarx versions 2.4.3 and below suffer from multiple cross site scripting vulnerabilities.