Eagle Speed USB modem software suffers from a privilege escalation vulnerability.
>> CATEGORY: exploit
EnCase Forensic Imager versions 7.10 and below suffer from denial of service and heap-based buffer overflow vulnerabilities.
Biesta Billing version 4.0 Beta suffers from cross site request forgery and directory traversal vulnerabilities.
Tenda, D-Link, and TP-Link routers suffer from a DHCP-related cross site scripting vulnerability.
Schoolhos CMS version 2.29 suffers from a remote SQL injection vulnerability.
Input passed via the ‘_redirect’ GET parameter via ‘service.cgi’ script on various Peplink VPN-Firewall devices is not properly verified before being used to redirect users. This can be exploited to…
WinPower version 4.9.0.4 suffers from a privilege escalation vulnerability. Proof of concept code included.
WordPress Insert Html Snippet plugin version 1.2 suffers from a cross site request forgery vulnerability.
A full analysis and proof of concept 0-day exploits for a heap corruption vulnerability in the gstreamer decoder.