[webapps] JioFi 4G M2S 1.0.2 – 'mask' Cross-Site Scripting
Posted by deepcore under Security (No Respond)
Archive for April, 2019
[dos] Backup Key Recovery 2.2.4 – Denial of Service (PoC)
Posted by deepcore under Security (No Respond)
[dos] HeidiSQL 10.1.0.5464 – Denial of Service (PoC)
Posted by deepcore under Security (No Respond)
Ross Video DashBoard 8.5.1 Insecure Permissions
Posted by deepcore under exploit (No Respond)
Ross Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the ‘M’ flag (Modify) or ‘C’ flag (Change) for ‘Authenticated Users’ group.
[shellcode] Linux/x86 – Rabbit Shellcode Crypter (200 bytes)
Posted by deepcore under Security (No Respond)
[remote] Google Chrome 72.0.3626.121 / 74.0.3725.0 – 'NewFixedDoubleArray' Integer Overflow
Posted by deepcore under Security (No Respond)
Google Chrome 72.0.3626.121 / 74.0.3725.0 – ‘NewFixedDoubleArray’ Integer Overflow
Tags: 0day, remote exploit[local] VirtualBox 6.0.4 r128413 – COM RPC Interface Code Injection Host Privilege Escalation
Posted by deepcore under Security (No Respond)
VirtualBox 6.0.4 r128413 – COM RPC Interface Code Injection Host Privilege Escalation
Tags: 0day, remote exploitEase Audio Converter 5.30 Denial Of Service
Posted by deepcore under exploit (No Respond)
Ease Audio Converter version 5.30 .mp4 denial of service proof of concept exploit.
Google Chrome 73.0.3683.103 V8 JavaScript Engine Denial Of Service
Posted by deepcore under exploit (No Respond)
Google Chrome version 73.0.3683.103 V8 JavaScript Engine out-of-memory in invalid table size denial of service proof of concept exploit.
WordPress Contact Form Builder 1.0.67 CSRF / LFI
Posted by deepcore under exploit (No Respond)
WordPress Contact Form Builder plugin version 1.0.67 suffers from cross site request forgery and local file inclusion vulnerabilities.