Subscribe via feed.
Archive for February, 2019

WebKit JSC reifyStaticProperty Attribute Flag Issue

Posted by deepcore under exploit (No Respond)

WebKit JSC has an issue where reifyStaticProperty needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter.

MatrixSSL x.509 Certificate Verification Stack Buffer Overflow

Posted by deepcore under exploit (No Respond)

MatrixSSL suffers from a stack buffer overflow vulnerability when verifying x.509 certificates.

Nuuo Central Management SQL Injection

Posted by deepcore under exploit (No Respond)

The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will either use a provided session number […]

[webapps] Teracue ENC-400 – Command Injection / Missing Authentication

Posted by deepcore under Security (No Respond)

Teracue ENC-400 – Command Injection / Missing Authentication

Tags: ,

[webapps] Quest NetVault Backup Server < 11.4.5 – Process Manager Service SQL Injection / Remote Code Execution

Posted by deepcore under Security (No Respond)

Quest NetVault Backup Server < 11.4.5 – Process Manager Service SQL Injection / Remote Code Execution

Tags: ,

[webapps] Micro Focus Filr 3.4.0.217 – Path Traversal / Local Privilege Escalation

Posted by deepcore under Security (No Respond)

Micro Focus Filr 3.4.0.217 – Path Traversal / Local Privilege Escalation

Tags: ,

[remote] Nuuo Central Management – Authenticated SQL Server SQL Injection (Metasploit)

Posted by deepcore under Security (No Respond)

Nuuo Central Management – Authenticated SQL Server SQL Injection (Metasploit)

Tags: ,

[dos] WebKit JSC – reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

Posted by deepcore under Security (No Respond)

WebKit JSC – reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

Tags: ,

[papers] Protecting Windows Privilege Accounts

Posted by deepcore under Security (No Respond)

Protecting Windows Privilege Accounts

Tags: ,

HotelDruid 2.3 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

HotelDruid version 2.3 suffers from a cross site scripting vulnerability.