[webapps] WordPress Plugins Easy Testimonials 3.2 – Cross-Site Scripting
Posted by deepcore under Security (No Respond)
Archive for November, 2018
[webapps] Ricoh myPrint 2.9.2.4 – Hard-Coded Credentials
Posted by deepcore under Security (No Respond)
[webapps] Ticketly 1.0 – 'kind_id' SQL Injection
Posted by deepcore under Security (No Respond)
http://www.nonhanmuni.go.th/index.php
Posted by deepcore under defacement (No Respond)
http://www.nonhanmuni.go.th/index.php notified by ZoRRoKiN
Tags: defacementTicketly 1.0 Cross Site Request Forgery
Posted by deepcore under exploit (No Respond)
Ticketly version 1.0 suffers from a cross site request forgery vulnerability.
ImageMagick Memory Leak
Posted by deepcore under exploit (No Respond)
ImageMagick versions prior to 7.0.8-9 suffers from a memory leak vulnerability.
macOS 10.13 workq_kernreturn Denial Of Service
Posted by deepcore under exploit (No Respond)
macOS version 10.13 workq_kernreturn denial of service proof of concept exploit.
Microsoft Windows DfMarshal Unsafe Unmarshaling Privilege Escalation
Posted by deepcore under exploit (No Respond)
Microsoft Windows 10 1803 suffers from a DfMarshal unsafe unmarshaling elevation of privilege vulnerability.
Microsoft Windows Unnamed Kernel Object Privilege Escalation
Posted by deepcore under exploit (No Respond)
Microsoft Windows 10 1803 and 1809 have an issue with unnamed kernel object creation. It’s possible to default the security descriptor owner or mandatory label to the value from an Identification level impersonation token leading to elevation of privilege.
ELBA5 Electronic Banking Remote Code Execution
Posted by deepcore under exploit (No Respond)
ELBA5 Network Installation versions prior to 5.8.1 suffer from a remote code execution vulnerability.