2019 January

Ajera Timesheets 9.10.16 Deserialization

Posted by deepcore under exploit (No Respond)

Ajera Timesheets versions 9.10.16 and below suffer from a vulnerability where it performs deserialization of untrusted data.

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 CSRF

Posted by deepcore under exploit (No Respond)

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a cross site request forgery vulnerability.

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS

Posted by deepcore under exploit (No Respond)

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file allowing the attacker to upload an html or javascript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in […]

[dos] Wireshark – 'get_t61_string' Heap Out-of-Bounds Read

Posted by deepcore under Security (No Respond)

Wireshark – ‘get_t61_string’ Heap Out-of-Bounds Read

Tags: 0day, remote exploit

[webapps] CF Image Hosting Script 1.6.5 – (Delete all Pictures) Privilege Escalation

Posted by deepcore under Security (No Respond)

CF Image Hosting Script 1.6.5 – (Delete all Pictures) Privilege Escalation

Tags: 0day, remote exploit

http://nakha.udonthani.police.go.th/k3t.html

Posted by deepcore under defacement (No Respond)

http://nakha.udonthani.police.go.th/k3t.html notified by KURD ELECTRONIC TEAM

Tags: defacement

http://www.scdc8.forensic.police.go.th/inform08/k3t.html

Posted by deepcore under defacement (No Respond)

http://www.scdc8.forensic.police.go.th/inform08/k3t.html notified by KURD ELECTRONIC TEAM

Tags: defacement

[webapps] phpMoAdmin MongoDB GUI 1.1.5 – Cross-Site Request Forgery / Cross-Site Scripting

Posted by deepcore under Security (No Respond)

phpMoAdmin MongoDB GUI 1.1.5 – Cross-Site Request Forgery / Cross-Site Scripting

Tags: 0day, remote exploit

[webapps] PLC Wireless Router GPN2.4P21-C-CN – Cross-Site Scripting

Posted by deepcore under Security (No Respond)

PLC Wireless Router GPN2.4P21-C-CN – Cross-Site Scripting

Tags: 0day, remote exploit

[webapps] LayerBB 1.1.1 – Persistent Cross-Site Scripting

Posted by deepcore under Security (No Respond)

LayerBB 1.1.1 – Persistent Cross-Site Scripting

Tags: 0day, remote exploit

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Ajera Timesheets 9.10.16 Deserialization

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 CSRF

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS

[dos] Wireshark – 'get_t61_string' Heap Out-of-Bounds Read

[webapps] CF Image Hosting Script 1.6.5 – (Delete all Pictures) Privilege Escalation

http://nakha.udonthani.police.go.th/k3t.html

http://www.scdc8.forensic.police.go.th/inform08/k3t.html

[webapps] phpMoAdmin MongoDB GUI 1.1.5 – Cross-Site Request Forgery / Cross-Site Scripting

[webapps] PLC Wireless Router GPN2.4P21-C-CN – Cross-Site Scripting

[webapps] LayerBB 1.1.1 – Persistent Cross-Site Scripting

Tabs Switcher

BLOGROLL

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Tabs Switcher

BLOGROLL