OpenStego is a tool implemented in Java for generic steganography, with support for password-based encryption of the data. It supports plugins for various steganographic algorithms (currently, only the Least Significant Bit algorithm is supported for image…
There is a directory traversal issue in the Telegram client for Android. The method saveFile in MediaController.java saves a file to external memory based on an optional name that is not filtered. The name is provided by the remote peer when sending a …
There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, but for other accounts it will not be. This allows a file to be written […]
WordPress Placemarks plugin version 2.0.0 suffers from a persistent cross site scripting vulnerability.
Source: WordPress Placemarks 2.0.0 Cross Site Scripting
The post WordPress Placemarks 2.0.0 Cross Site Scripting appeared first on MondoUnix.
WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability.
Source: WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS
The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this makes it possible to trigger the vulnerab…
The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates an overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features, such as the canary, turned off. The client registers a scheme handler (zoommtg://) and this makes […]
Monstra CMS version 3.0.4 suffers from a remote shell upload vulnerability that allows for remote code execution.
Source: Monstra CMS 3.0.4 Remote Shell Upload
This Metasploit module exploits a file upload vulnerability found in Western Digital’s MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device’s file system. This allows an attacker the ability to upload a PHP […]
The post Western Digital MyCloud multi_uploadify File Upload appeared first on MondoUnix.
Bus Booking Script version 1.0 suffers from a remote SQL injection vulnerability.
Source: Bus Booking Script 1.0 SQL Injection