Dream CMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative…
Zhone ZNID GPON 2426A suffers from insecure direct object reference, password disclosure, command injection, cross site scripting, and privilege escalation vulnerabilities. Versions prior to S3.0.501 are affected.
An independent vulnerability laboratory researcher discovered a code execution vulnerability in the official FreemakeVideoDownloader v3.7.1 software.
Drupal version 8.0.0 Beta 14 suffers from a cross site scripting vulnerability. Drupal’s sad fix was to simply throw an .htaccess file in place to block access to the file.
PayPal suffered from an open redirect vulnerability.
FreeYouTubeToMP3 Converter version 4.0.1 suffers from a buffer overflow vulnerability.
WebComIndia CMS 2015Q4 suffers from an authentication bypass vulnerability via remote SQL injection.
VeryPDF Image2PDF Converter SEH buffer overflow exploit that spawns messagebox shellcode.
The W150D Wireless N 150 ADSL2 modem router suffers from a cross site request forgery vulnerability.
A component of Kaspersky Internet Security that’s enabled by default is called the “Network Attack Blocker”, described as “protects the computer against dangerous network activity”. This researcher examined the implementation,…