[local] Launch Manager 6.1.7600.16385 – 'DsiWMIService' Unquoted Service Path
Posted by deepcore under Security (No Respond)
Archive for November, 2019
[remote] Ayukov NFTP client 1.71 – 'SYST' Buffer Overflow
Posted by deepcore under Security (No Respond)
[local] OpenVPN Connect 3.0.0.272 – 'agent_ovpnconnect' Unquoted Service Path
Posted by deepcore under Security (No Respond)
[local] Aida64 6.10.5200 – Buffer Overflow (SEH)
Posted by deepcore under Security (No Respond)
Carel pCOWeb HVAC Modbus Interface Authentication Bypass
Posted by deepcore under exploit (No Respond)
The Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Version A 1.4.11 – B 1.4.2 is affected.
Carel pCOWeb HVAC Insecure Credential Storage
Posted by deepcore under exploit (No Respond)
The Carel pCOWeb card stores password hashes in the file /etc/passwd, allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Version A 1.4.11 – B 1.4.2 is affected.
Scripteen Image Upload Shell Upload
Posted by deepcore under exploit (No Respond)
Scripteen Image Upload script suffers from a shell upload vulnerability.
Mr Blog PHP Cross Site Scripting / SQL Injection
Posted by deepcore under exploit (No Respond)
Mr Blog PHP suffers from cross site scripting and remote SQL injection vulnerabilities.
TheJshen contentManagementSystem 1.04 SQL Injection
Posted by deepcore under exploit (No Respond)
TheJshen contentManagementSystem version 1.04 suffers from a remote SQL injection vulnerability.
OpenVPN Private Tunnel 2.8.4 Unquoted Service Path
Posted by deepcore under exploit (No Respond)
OpenVPN Private Tunnel version 2.8.4 suffers from an ovpnagent unquoted service path vulnerability.
