Tapplock Smart Lock Insecure Direct Object Reference
Tapplock Smart Lock suffers from multiple insecure direct object reference vulnerabilities.
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
Joomla Jomres component version 9.11.2 suffers from a cross-site request forgery vulnerability.
Audiograbber version 1.83 local SEH buffer overflow exploit.
Redis-cli versions prior to 5.0 buffer overflow proof of concept exploit.
Redatam Web Server prior to version 7 suffers from a directory traversal vulnerability.
Nikto version 2.1.6 suffers from a CSV injection vulnerability.
Pale Moon Browser versions prior to 27.9.3 suffer from a use-after-free vulnerability.
RabbitMQ Web Management versions prior to 3.7.6 suffer from a cross-site request forgery vulnerability.
Microsoft COM for Windows privilege escalation proof of concept exploit. A remote code execution vulnerability exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could […]