Archive for March, 2019

SPIP CMS 2.x / 3.x Add Administrator / File Upload

Posted by deepcore under exploit (No Respond)

SPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities.

PCMan FTP Server 2.0 CDUP Remote Buffer Overflow

Posted by deepcore under exploit (No Respond)

PCMan FTP Server version 2.0 CDUP remote buffer overflow exploit.

DASAN H660RM Information Disclosure / Hardcoded Key

Posted by deepcore under exploit (No Respond)

DASAN H660RM allows for unauthenticated ping access, has a hardcoded key for encryption, and logs sensitive information into /tmp.

WordPress article2pdf 0.24 DoS / File Deletion / Disclosure

Posted by deepcore under exploit (No Respond)

WordPress article2pdf plugin versions 0.24 and above suffer from resource exhaustion, arbitrary file download, and file deletion vulnerabilities.

Advanced Bash-Scripting Guide Code Execution

Posted by deepcore under exploit (No Respond)

RedTeam Pentesting discovered that the shell function “getopt_simple”, as presented in the “Advanced Bash-Scripting Guide”, allows execution of attacker-controlled commands.

[dos] Spidermonkey – IonMonkey Type Inference is Incorrect for Constructors Entered via OSR

Posted by deepcore under Security (No Respond)

Spidermonkey – IonMonkey Type Inference is Incorrect for Constructors Entered via OSR


[dos] Microsoft Windows 7/2008 – 'Win32k' Denial of Service (PoC)

Posted by deepcore under Security (No Respond)

Microsoft Windows 7/2008 – ‘Win32k’ Denial of Service (PoC)


[webapps] SJS Simple Job Script – SQL Injection / Cross-Site Scripting

Posted by deepcore under Security (No Respond)

SJS Simple Job Script – SQL Injection / Cross-Site Scripting


[webapps] Titan FTP Server Version 2019 Build 3505 – Directory Traversal / Local File Inclusion

Posted by deepcore under Security (No Respond)

Titan FTP Server Version 2019 Build 3505 – Directory Traversal / Local File Inclusion


[webapps] XooDigital – 'p' SQL Injection

Posted by deepcore under Security (No Respond)

XooDigital – ‘p’ SQL Injection
