Archive for November, 2018

[webapps] Ticketly 1.0 – Cross-Site Request Forgery (Add Admin)

Posted by deepcore under Security (No Respond)

Ticketly 1.0 – Cross-Site Request Forgery (Add Admin)

[dos] MacOS 10.13 – 'workq_kernreturn' Denial of Service (PoC)

Posted by deepcore under Security (No Respond)

MacOS 10.13 – ‘workq_kernreturn’ Denial of Service (PoC)

Microsoft BingPlaces – TrackEmailOpen (url) Open Redirect

Posted by deepcore under exploit (No Respond)

The vulnerability laboratory core research team discovered an open redirect web vulnerability in the official Microsoft B…

[dos] XMPlay 3.8.3 – '.m3u' Denial of Service (PoC)

Posted by deepcore under Security (No Respond)

XMPlay 3.8.3 – ‘.m3u’ Denial of Service (PoC)

[local] HTML Video Player 1.2.5 – Buffer-Overflow (SEH)

Posted by deepcore under Security (No Respond)

HTML Video Player 1.2.5 – Buffer-Overflow (SEH)

Everus.org 1.0.9 Second Factor Redirection

Posted by deepcore under exploit (No Respond)

The Everus.org Android application version 1.0.9 has a fundamental design flaw where the client can send a random phone number during the second factor flow with an arbitrary existing user id and the server sends the attacker the one-time password for the other user.

Warranty Tracking System 11.06.3 SQL Injection

Posted by deepcore under exploit (No Respond)

Warranty Tracking System version 11.06.3 suffers from a remote SQL injection vulnerability.

Helpdezk 1.1.1 Shell Upload

Posted by deepcore under exploit (No Respond)

Helpdezk version 1.1.1 suffers from a remote shell upload vulnerability.

DomainMOD 4.11.01 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

DomainMOD versions 4.09.03 through 4.11.01 suffer from a cross site scripting vulnerability.

Mumsoft Easy Software 2.0 Denial Of Service

Posted by deepcore under exploit (No Respond)

Mumsoft Easy Software version 2.0 suffers from a denial of service vulnerability.