Archive for May, 2018

[webapps] Joomla! Component EkRishta 2.10 – Cross-Site Scripting / SQL Injection

Posted by deepcore under Security

[local] Easy MPEG to DVD Burner 1.7.11 – Local Buffer Overflow (SEH) (DEP Bypass)

Posted by deepcore under Security

[webapps] Adobe Enterprise Manager (AEM) < 6.3 – Remote Code Execution

Posted by deepcore under Security

[webapps] D-Link DSL-3782 – Authentication Bypass

Posted by deepcore under Security

[remote] mySCADA myPRO 7 – Hard-Coded Credentials

Posted by deepcore under Security

Microsoft Edge Chakra JIT Bound Check Elimination Bug

Posted by deepcore under exploit

Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to bound checks being removed incorrectly.

Linux 4-Byte Information Leak

Posted by deepcore under exploit

Linux suffers from a 4-byte information leak via an uninitialized struct field in the compat adjtimex syscall.

NodAPS 4.0 Cross Site Request Forgery / SQL Injection

Posted by deepcore under exploit

NodAPS version 4.0 suffers from cross site request forgery and remote SQL injection vulnerabilities.

SuperCom Online Shopping Ecommerce Cart 1 XSS / CSRF / SQL Injection

Posted by deepcore under exploit

SuperCom Online Shopping Ecommerce Cart 1 suffers from remote SQL injection, cross site request forgery, and cross site scripting vulnerabilities.

Powerlogic/Schneider Electric IONXXXX Series Cross Site Request Forgery

Posted by deepcore under exploit

Powerlogic/Schneider Electric IONXXXX Series suffers from a cross site request forgery vulnerability.