Archive for May, 2018

[webapps] Open-AudIT Professional – 2.1.1 – Cross-Site Scripting

Posted by deepcore under Security (No Respond)

Open-AudIT Professional – 2.1.1 – Cross-Site Scripting


[webapps] Open-AudIT Community – 2.2.0 – Cross-Site Scripting

Posted by deepcore under Security (No Respond)

Open-AudIT Community – 2.2.0 – Cross-Site Scripting


Easy Hosting Control Panel 0.37.12.b Cross Site Scripting Add FTP Account

Posted by deepcore under exploit (No Respond)

Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows an attacker to add a backdoor FTP account.

Easy Hosting Control Panel 0.37.12.b Cross Site Scripting Cookie Theft

Posted by deepcore under exploit (No Respond)

Easy Hosting Control Panel version 0.37.12.b suffers from a cross site scripting vulnerability that allows an attacker to steal the cookie.

Easy Hosting Control Panel 0.37.12.b Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

Easy Hosting Control Panel version 0.37.12.b suffers from multiple cross site request forgery vulnerabilities.

Easy Hosting Control Panel 0.37.12.b Insecure Cryptography

Posted by deepcore under exploit (No Respond)

Easy Hosting Control Panel version 0.37.12.b suffers from an insecure cryptography vulnerability.

Easy Hosting Control Panel 0.37.12.b Clear-Text Password Storage

Posted by deepcore under exploit (No Respond)

Easy Hosting Control Panel version 0.37.12.b suffers from a clear-text password storage vulnerability.

Easy Hosting Control Panel 0.37.12.b Unverified Password Change

Posted by deepcore under exploit (No Respond)

Easy Hosting Control Panel version 0.37.12.b suffers from an unverified password change vulnerability.

Microsoft Windows FxCop 12 XXE Injection

Posted by deepcore under exploit (No Respond)

Microsoft FxCop versions 10 through 12 are vulnerable to XML injection attacks allowing local file exfiltration and/or NTLM hash theft. Tested on Windows 7 and Windows 10 (download SDK); it works on both.

Mantis manage_proj_page PHP Code Execution

Posted by deepcore under exploit (No Respond)

Mantis versions 1.1.3 and earlier are affected by a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.