Archive for September, 2019

[remote] Inteno IOPSYS Gateway – Improper Access Restrictions

Posted by deepcore under Security

Inteno IOPSYS Gateway – Improper Access Restrictions


FTPShell Client 6.74 Buffer Overflow

Posted by deepcore under exploit

FTPShell Client version 6.74 suffers from a local buffer overflow denial of service vulnerability.

Folder Lock 7.7.9 Denial Of Service

Posted by deepcore under exploit

Folder Lock version 7.7.9 suffers from a denial of service vulnerability.

Dolibarr ERP-CRM 10.0.1 Cross Site Scripting

Posted by deepcore under exploit

Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability.

phpMyAdmin 4.9.0.1 Cross Site Request Forgery

Posted by deepcore under exploit

phpMyAdmin version 4.9.0.1 suffers from a cross site request forgery vulnerability.

Piwigo 2.9.5 Cross Site Request Forgery / Cross Site Scripting

Posted by deepcore under exploit

Piwigo version 2.9.5 suffers from cross site request forgery and cross site scripting vulnerabilities.

[webapps] College-Management-System 1.2 – Authentication Bypass

Posted by deepcore under Security

College-Management-System 1.2 – Authentication Bypass


[webapps] Ticket-Booking 1.4 – Authentication Bypass

Posted by deepcore under Security

Ticket-Booking 1.4 – Authentication Bypass


Opencart 2.3.0.2 Pre-Auth Remote Command Execution

Posted by deepcore under exploit

Opencart version 2.3.0.2 pre-authentication remote command execution exploit.

Generic Zip Slip Traversal

Posted by deepcore under exploit

This is a generic arbitrary file overwrite technique, which typically results in remote command execution. This targets a simple yet widespread vulnerability that has been seen affecting a variety of popular products including HP, Amazon, Apache, Cisco, etc. The idea is that often archive extraction libraries have no mitigations against directory traversal attacks. If an […]