Archive for January, 2021

STVS ProVision 5.9.10 Cross Site Scripting

Posted by deepcore under exploit

STVS ProVision version 5.9.10 suffers from an authenticated reflective cross site scripting vulnerability.

STVS ProVision 5.9.10 Cross Site Request Forgery

Posted by deepcore under exploit

STVS ProVision version 5.9.10 suffers from a cross site request forgery vulnerability.

Sudo Heap-Based Buffer Overflow

Posted by deepcore under exploit

Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.

[dos] jQuery UI 1.12.1 – Denial of Service (DoS)

Posted by deepcore under Security

[webapps] CMSUno 1.6.2 – 'lang/user' Remote Code Execution (Authenticated)

Posted by deepcore under Security

[webapps] EgavilanMedia PHPCRUD 1.0 – 'Full Name' Stored Cross Site Scripting

Posted by deepcore under Security

Apple Patches Three Actively Exploited Zero Days

Posted by deepcore under exploit

Apple Security Advisory 2021-01-26-1

Posted by deepcore under Apple

Apple Security Advisory 2021-01-26-1 – iOS 14.4 and iPadOS 14.4 address race condition and arbitrary code execution vulnerabilities.


Apple Security Advisory 2021-01-26-2

Posted by deepcore under Apple

Apple Security Advisory 2021-01-26-2 – tvOS 14.4 addresses a race condition vulnerability.


Apple Security Advisory 2021-01-26-3

Posted by deepcore under Apple

Apple Security Advisory 2021-01-26-3 – watchOS 7.3 addresses a race condition vulnerability.
