Archive for June, 2018
Posted by deepcore under Security (No Respond)
[webapps] phpLDAPadmin 1.2.2 – 'server_id' LDAP Injection (Username)
Posted by deepcore under Security (No Respond)
[local] Dell EMC RecoverPoint < 5.1.2 – Local Root Command Execution
Posted by deepcore under Security (No Respond)
[webapps] LFCMS 3.7.0 – Cross-Site Request Forgery (Add Admin)
Posted by deepcore under Security (No Respond)
[webapps] LFCMS 3.7.0 – Cross-Site Request Forgery (Add User)
Posted by deepcore under Security (No Respond)
Magento Products T1 – Bypass & Persistent Vulnerability
Posted by deepcore under exploit (No Respond)
The vulnerability laboratory core research team discovered an application-side validation and filter bypass vulnerabilit…
Microsoft Windows Desktop Bridge Activation Arbitrary Directory Creation
Posted by deepcore under exploit (No Respond)
The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account, which leads to the creation of arbitrary object directories and, in turn, to privilege escalation.
Microsoft Windows Desktop Bridge Virtual Registry Incomplete Fix
Posted by deepcore under exploit (No Respond)
The handling of the virtual registry for Desktop Bridge applications can allow an application to create arbitrary files as SYSTEM, resulting in privilege escalation. This is because the fix for CVE-2018-0880 (MSRC case 42755) did not cover all of the similar cases that were reported at the same time in the issue.
[webapps] VideoInsight WebClient 5 – SQL Injection
Posted by deepcore under Security (No Respond)
[webapps] Apache CouchDB < 2.1.0 – Remote Code Execution
Posted by deepcore under Security (No Respond)