Archive for October, 2020

aptdaemon File Existence Disclosure

Posted by deepcore under exploit (No Respond)

aptdaemon versions prior to 1.1.1 suffer from a file existence disclosure vulnerability.

Blueman Local Root / Privilege Escalation

Posted by deepcore under exploit (No Respond)

Blueman versions prior to 2.1.4 suffer from a local privilege escalation vulnerability that achieves root.

Nagios XI 5.7.3 Remote Command Injection

Posted by deepcore under exploit (No Respond)

Nagios XI version 5.7.3 mibs.php remote command injection exploit.

CSE Bookstore 1.0 SQL Injection

Posted by deepcore under exploit (No Respond)

CSE Bookstore version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

God Kings 0.60.1 Notification Spoofing

Posted by deepcore under exploit (No Respond)

God Kings version 0.60.1 suffers from an improper authorization issue allowing for in-game notification spoofing.

Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 LFI

Posted by deepcore under exploit (No Respond)

Oracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from local file inclusion and directory traversal vulnerabilities.

FreeType Load_SBit_Png Heap Buffer Overflow

Posted by deepcore under exploit (No Respond)

FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.

[webapps] WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 – Unauthenticated RCE via GET request

Posted by deepcore under Security (No Respond)

WebLogic Server 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 – Unauthenticated RCE via GET request


[webapps] Online Examination System 1.0 – 'name' Stored Cross Site Scripting

Posted by deepcore under Security (No Respond)

Online Examination System 1.0 – ‘name’ Stored Cross Site Scripting


[webapps] Mailman 1.x > 2.1.23 – Cross Site Scripting (XSS)

Posted by deepcore under Security (No Respond)

Mailman 1.x > 2.1.23 – Cross Site Scripting (XSS)
