Archive for May, 2018

[webapps] MyBB Admin Notes Plugin 1.1 – Cross-Site Request Forgery

Posted by deepcore under Security

[webapps] VirtueMart 3.1.14 – Persistent Cross-Site Scripting

Posted by deepcore under Security

[webapps] Rockwell Scada System 27.011 – Cross-Site Scripting

Posted by deepcore under Security

IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure

Posted by deepcore under exploit

Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross-site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities.

Calamp.com Incorrect Privilege Assignment

Posted by deepcore under exploit

Calamp.com suffers from an incorrect privilege assignment that could lead to full user compromise.

ProjectPier 0.8.8 SQL Injection / Authentication Bypass / RFI

Posted by deepcore under exploit

ProjectPier versions 0.8.8 and below suffer from remote file inclusion, authentication bypass, remote shell upload, and remote SQL injection vulnerabilities.

GD bbPress 2.5 Cross Site Scripting

Posted by deepcore under exploit

GD bbPress versions 2.5 and below suffer from a cross-site scripting vulnerability.

xls2csv 0.95 Buffer Overflow

Posted by deepcore under exploit

xls2csv version 0.95 suffers from a buffer overflow vulnerability.

XATABoost 1.0.0 SQL Injection

Posted by deepcore under exploit

XATABoost version 1.0.0 suffers from a remote SQL injection vulnerability.

Microsoft Windows 2003 SP2 RRAS SMB Remote Code Execution

Posted by deepcore under exploit

Microsoft Windows 2003 SP2 RRAS SMB remote code execution exploit.