Archive for February, 2019

[webapps] Drupal < 8.6.10 / < 8.5.11 – REST Module Remote Code Execution

Posted by deepcore under Security (No Respond)

Drupal < 8.6.10 / < 8.5.11 – REST Module Remote Code Execution

Kanboard 1.2.7 Code Execution / Cross Site Request Forgery

Posted by deepcore under exploit (No Respond)

Kanboard version 1.2.7 contains multiple vulnerabilities. These include a CSV account import cross site request forgery, which allows an unauthenticated attacker to create a new administrative user; a cross site request forgery 2FA deactivation, which allows an unauthenticated attacker to disable an account’s 2FA configuration; and a lack of integrity checking or transport layer encryption enforced on plugins […]

Advanced Comment System 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Advanced Comment System version 1.0 suffers from a cross site scripting vulnerability.

Teracue ENC-400 Command Injection / Missing Authentication

Posted by deepcore under exploit (No Respond)

Teracue ENC-400 suffers from hard-coded credential, missing authentication, and command injection vulnerabilities.

VertrigoServ 2.17 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

VertrigoServ version 2.17 suffers from a cross site scripting vulnerability.

Exploitation Framework For STMicroelectronics DVB Chipsets

Posted by deepcore under exploit (No Respond)

A multitude of security issues exist within STMicroelectronics DVB chipsets, including, but not limited to, credential leakage, buffer overflow, and data leaks. This is the full release of both the whitepaper and dozens of proof of concept details.

Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation

Posted by deepcore under exploit (No Respond)

Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities.

EI-Tube 3 SQL Injection

Posted by deepcore under exploit (No Respond)

EI-Tube version 3.0 suffers from a remote SQL injection vulnerability.

RealTerm Serial Terminal 2.0.0.70 Echo Port Buffer Overflow

Posted by deepcore under exploit (No Respond)

RealTerm Serial Terminal version 2.0.0.70 suffers from an echo port buffer overflow vulnerability.

Valentina Studio 9.0.5 Buffer Overflow

Posted by deepcore under exploit (No Respond)

Valentina Studio version 9.0.5 suffers from a buffer overflow vulnerability.