Xc0re Blog will be back, very soon . (07/12/2016)
Update: 2017 => You can find latest posts here… https://www.xc0re.net
Advertisements
September 25, 2012
Will be back soon
About 0x90
Packet Storm Security- Oracle Business Intelligence Directory Traversal April 19, 2019Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from a directory traversal vulnerability.
- Oracle Business Intelligence And XML Publisher XML Injection April 19, 2019Oracle Business Intelligence and XML Publisher versions 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from an XML external entity injection vulnerability.
- QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service April 19, 2019QNAP myQNAPcloud Connect version 1.3.4.0317 suffers from a username / password denial of service vulnerability.
- SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation April 19, 2019This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in the MODPROBE_OPTIONS environment variable, resulting in arbitr […]
- Atlassian Confluence Widget Connector Macro Velocity Template Injection April 18, 2019Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page. A _template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not required to exploit this vulnerability. By default, Java payl […]
- Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference April 18, 2019Netwide Assembler (NASM) version 2.14rc15 null pointer dereference proof of concept exploit.
- ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution April 18, 2019This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module is […]
- Evernote 7.9 Path Traversal / Code Execution April 18, 2019Evernote version 4.9 suffers from a path traversal that can allow for code execution.
- LibreOffice Macro Code Execution April 17, 2019This Metasploit module generates an ODT file with a mouse over event that when triggered, will execute arbitrary code.
- Oracle Java Runtime Environment GlyphIterator::setCurrGlyphID Heap Corruption April 17, 2019A heap corruption was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts.
- Oracle Business Intelligence Directory Traversal April 19, 2019
- Bugtraq
- [slackware-security] libpng (SSA:2019-107-01) April 18, 2019
- [SECURITY] [DSA 4433-1] ruby2.3 security update April 17, 2019
- [SECURITY] [DSA 4432-1] ghostscript security update April 17, 2019
- CVE-2018-2879 - anniversary April 17, 2019
- [SE-2019-01] Gemalto SIM card applet loading vulnerability April 15, 2019
- [SECURITY] [DSA 4431-1] libssh2 security update April 15, 2019
Advertisements
Leave a Reply