Archive for May, 2018

[webapps] Sitemakin SLAC 1.0 – 'my_item_search' SQL Injection

Posted by deepcore under Security (No Respond)

Sitemakin SLAC 1.0 – ‘my_item_search’ SQL Injection


http://hr2.hss.moph.go.th

Posted by deepcore under defacement (No Respond)

http://hr2.hss.moph.go.th notified by ZoRRoKiN


[remote] CloudMe Sync < 1.11.0 – Buffer Overflow (SEH) (DEP Bypass)

Posted by deepcore under Security (No Respond)

CloudMe Sync < 1.11.0 – Buffer Overflow (SEH) (DEP Bypass)


[webapps] TP-Link TL-WR840N/TL-WR841N – Authentication Bypass

Posted by deepcore under Security (No Respond)

TP-Link TL-WR840N/TL-WR841N – Authentication Bypass


[webapps] DomainMod 4.09.03 – 'sslpaid' Cross-Site Scripting

Posted by deepcore under Security (No Respond)

DomainMod 4.09.03 – ‘sslpaid’ Cross-Site Scripting


[webapps] DomainMod 4.09.03 – 'oid' Cross-Site Scripting

Posted by deepcore under Security (No Respond)

DomainMod 4.09.03 – ‘oid’ Cross-Site Scripting


Oracle WebCenter (Fatwire) 7.x Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Oracle WebCenter versions 7.x prior to 11gR1 suffer from multiple cross site scripting vulnerabilities.

Tim Balitbang Depdiknas 3.5 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Tim Balitbang Depdiknas version 3.5 suffers from a persistent cross site scripting vulnerability.

Tim Balitbang Depdiknas 3.5 SQL Injection

Posted by deepcore under exploit (No Respond)

Tim Balitbang Depdiknas version 3.5 suffers from a remote SQL injection vulnerability.

Android OS FLAG_SECURE Information Disclosure

Posted by deepcore under exploit (No Respond)

Android OS did not use the FLAG_SECURE flag for sensitive settings, potentially exposing sensitive data to other applications on the same device that hold screen capture permissions. The vendor (Google) fixed this issue in the 2018-02-01 Pixel security update.