Archive for May, 2019

[webapps] Carel pCOWeb < B1.2.1 – Cross-Site Scripting

Posted by deepcore under Security

Carel pCOWeb < B1.2.1 – Cross-Site Scripting

[webapps] Carel pCOWeb < B1.2.1 – Credentials Disclosure

Posted by deepcore under Security

Carel pCOWeb < B1.2.1 – Credentials Disclosure

[webapps] Zoho ManageEngine ServiceDesk Plus 9.3 – Cross-Site Scripting

Posted by deepcore under Security

Zoho ManageEngine ServiceDesk Plus 9.3 – Cross-Site Scripting

[webapps] AUO Solar Data Recorder < 1.3.0 – 'addr' Cross-Site Scripting

Posted by deepcore under Security

AUO Solar Data Recorder < 1.3.0 – 'addr' Cross-Site Scripting

GAT-Ship Web Module 1.30 Information Disclosure

Posted by deepcore under exploit

GAT-Ship Web Module versions 1.30 and below suffer from an information disclosure vulnerability.

Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution

Posted by deepcore under exploit

Horde Webmail version 5.2.22 suffers from code execution, cross-site request forgery, cross-site scripting, and remote SQL injection vulnerabilities.

Freelance Cockpit CRM 3.3.1 SQL Injection

Posted by deepcore under exploit

Freelance Cockpit CRM version 3.3.1 suffers from a remote SQL injection vulnerability.

Cisco Expressway Gateway 11.5.1 Directory Traversal

Posted by deepcore under exploit

Cisco Expressway Gateway version 11.5.1 suffers from a directory traversal vulnerability.

Huawei eSpace 1.1.11.103 DLL Hijacking

Posted by deepcore under exploit

Huawei eSpace version 1.1.11.103 suffers from a DLL hijacking issue. The vulnerability is caused by the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV […]

Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow

Posted by deepcore under exploit

Huawei eSpace Meeting cenwpoll.dll Unicode stack buffer overflow exploit with SEH overwrite.