A vulnerability in Microsoft’s SQL Server Reporting Services can allow an attacker to craft an HTTP POST request containing a serialized object and achieve remote code execution. The vulnerability exists because the serialized blob is not signed by the server.
CentOS WebPanel 7 – ‘term’ SQL Injection
Tags: 0day, remote exploit
AnyBurn 4.8 – Buffer Overflow (SEH)
Tags: 0day, remote exploit
Wing FTP Server version 2.3 suffers from a cross-site request forgery vulnerability.
ASUS AXSP version 1.02.00 suffers from an asComSvc unquoted service path vulnerability.
WordPress Search Meter plugin version 2.13.2 suffers from a CSV injection vulnerability.
rConfig 3.93 – ‘ajaxAddTemplate.php’ Authenticated Remote Code Execution
Tags: 0day, remote exploit
WordPress Plugin Appointment Booking Calendar 1.3.34 – CSV Injection
Tags: 0day, remote exploit
Joomla! Component com_newsfeeds 1.0 – ‘feedid’ SQL Injection
Tags: 0day, remote exploit
WatchGuard Fireware AD Helper Component 5.8.5.10317 – Credential Disclosure
Tags: 0day, remote exploit