Archive for May, 2021

Gadget Works Online Ordering System 1.0 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Gadget Works Online Ordering System version 1.0 suffers from a persistent cross site scripting vulnerability.

WordPress Cookie Law Bar 1.2.1 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

WordPress Cookie Law Bar plugin version 1.2.1 suffers from a persistent cross site scripting vulnerability.

QT TIFF Processing Out-Of-Bounds Read

Posted by deepcore under exploit (No Respond)

The QImageReader class can read out-of-bounds when converting a specially-crafted TIFF file into a QImage, where the TIFF tile length is inconsistent with the tile size. This could potentially allow an attacker to determine values in memory based on the QImage pixels, if Qt is used to process untrusted images.

[webapps] Pluck CMS 4.7.13 – File Upload Remote Code Execution (Authenticated)

Posted by deepcore under Security (No Respond)

Pluck CMS 4.7.13 – File Upload Remote Code Execution (Authenticated)

[webapps] Codiad 2.8.4 – Remote Code Execution (Authenticated) (3)

Posted by deepcore under Security (No Respond)

Codiad 2.8.4 – Remote Code Execution (Authenticated) (3)

[remote] ProFTPd 1.3.5 – 'mod_copy' Remote Command Execution (2)

Posted by deepcore under Security (No Respond)

ProFTPd 1.3.5 – ‘mod_copy’ Remote Command Execution (2)

[dos] RarmaRadio 2.72.8 – Denial of Service (PoC)

Posted by deepcore under Security (No Respond)

RarmaRadio 2.72.8 – Denial of Service (PoC)

Backdoor.Win32.Singu.a Buffer Overflow

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.Singu.a malware suffers from a buffer overflow vulnerability.

Backdoor.Win32.SkyDance.216 Buffer Overflow

Posted by deepcore under exploit (No Respond)

Backdoor.Win32.SkyDance.216 malware suffers from a buffer overflow vulnerability.