Subscribe via feed.
Archive for December, 2018

WordPress PDF Catalog For WooCommerce 1.1.18 Database Disclosure

Posted by deepcore under exploit (No Respond)

WordPress PDF Catalog for WooCommerce plugin version 1.1.18 suffers from a database disclosure vulnerability.

WordPress JoeBooking 6.6.5 Database Disclosure

Posted by deepcore under exploit (No Respond)

WordPress JoeBooking plugin version 6.6.5 suffers from a database disclosure vulnerability.

Symfony 1.4.17 Database Disclosure

Posted by deepcore under exploit (No Respond)

Symfony version 1.4.17 suffers from a database disclosure vulnerability.

ZTE Home Gateway ZXHN H168N 2.2 Access Control Bypass

Posted by deepcore under exploit (No Respond)

ZTE Home Gateway ZXHN H168N suffers from multiple access bypass and information disclosure vulnerabilities.

XNU POSIX Shared Memory Mapping Issue

Posted by deepcore under exploit (No Respond)

XNU POSIX has an issue where shared memory mapping have an incorrect maximum protection.

Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle

Posted by deepcore under exploit (No Respond)

Google Chrome version 70.0.3538.77 stable suffers from cross site scripting and man-in-the-middle vulnerabilities.

McAfee True Key 5.1.173.1 Privilege Escalation

Posted by deepcore under exploit (No Respond)

McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executing arbitrary processes or deleting files and directories.

CyberLink LabelPrint 2.5 Stack Buffer Overflow

Posted by deepcore under exploit (No Respond)

This Metasploit module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing overly long string characters via open file menu. This results in overwriting a structured exception handler record and take over the application. This Metasploit module has been tested on Windows […]

Zoho ManageEngine OpManager 12.3 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.

TV B Gone Kit – New Universal Device Case

Posted by deepcore under exploit (No Respond)