Yazilimi Jettweb 3 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
Yazilimi Jettweb version 3 suffers from a cross site scripting vulnerability.
Archive for January, 2023
Active Matrimonial CMS 3.5 Insecure Settings
Posted by deepcore under exploit (No Respond)
Active Matrimonial CMS version 3.5 appears to leave a default administrative account in place post installation.
Citrix Workspace App For Linux 2212 Credential Leak
Posted by deepcore under exploit (No Respond)
The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client’s system log. Citrix does not consider this to be a security vulnerability. Citrix Workspace App for Linux versions 2212 is affected.
XNU VM Copy-On-Write Bypass
Posted by deepcore under exploit (No Respond)
XNU VM suffers from a copy-on-write bypass vulnerability due to incorrect shadow creation logic used during unaligned vm_map_copy operations.
XNU vm_map_copy_overwrite_unaligned Race Condition
Posted by deepcore under exploit (No Respond)
A XNU race condition in vm_map_copy_overwrite_unaligned allows writing to read-only mappings.
BootCommerce 3.2.1 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
BootCommerce version 3.2.1 suffers from a cross site scripting vulnerability.
BootCommerce 3.2.1 SQL Injection
Posted by deepcore under exploit (No Respond)
BootCommerce version 3.2.1 suffers from a remote SQL injection vulnerability.
LISTSERV 17 Cross Site Scripting
Posted by deepcore under exploit (No Respond)
LISTSERV version 17 suffers from a cross site scripting vulnerability.
LISTSERV 17 Insecure Direct Object Reference
Posted by deepcore under exploit (No Respond)
LISTSERV version 17 suffers from an insecure direct object reference vulnerability that allows illicit access to a target’s profile.
http://www.webiad.moe.go.th/locked.txt
Posted by deepcore under defacement (No Respond)
http://www.webiad.moe.go.th/locked.txt notified by F3RGUSO
Tags: defacement