Desknet's Neo Security Vulnerabilities

prion

Buffer overflow

Hancom NEO versions 9.6.1.5183 and earlier have a buffer overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in...

9.8 CVSS

9.8 AI Score

0.003 EPSS

2018-01-17 05:29 PM
4
cvelist

CVE-2018-5195

Hancom NEO versions 9.6.1.5183 and earlier have a buffer overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in...

9.9 AI Score

0.003 EPSS

2018-01-17 12:00 AM
1
yubico

Security advisory YSA-2018-01 - Yubico

Oscar Mira and Roi Martin from the Schibsted security team informed us of a security issue in the OATH (Initiative for Open Authentication) applet on the YubiKey NEO. The YubiKey OATH applet is used to generate time-based one-time password (TOTP) and HMAC-based one-time password (HOTP) codes that.....

7.5 AI Score

2018-01-01 12:00 AM
481
openbugbounty

neo-net.ru Open Redirect vulnerability

Vulnerable URL: http://www.neo-net.ru/redirect.php?url=openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.12.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No ...

6.9 AI Score

2017-10-01 04:10 PM
13
seebug

Hancom Thinkfree NEO Hangul Word Processor HWPTAG_TAB_DEF Tab Count Code Execution Vulnerability(CVE-2017-2819)

Summary An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under...

8.2 AI Score

0.001 EPSS

2017-09-18 12:00 AM
48
hackread

Neo-Nazi DailyStormer Booted Off By Austrian Domain Registrar

By Carolina. Andrew Anglin, the administrator of the neo-nazi website DailyStormer, has... This is a post from HackRead.com. Read the original post: Neo-Nazi DailyStormer Booted Off By Austrian Domain...

7 AI Score

2017-09-11 08:30 PM
28
suse

Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). CVE-2016-10277:...

3.3 AI Score

0.002 EPSS

2017-09-08 06:09 PM
997
suse

Security update for the Linux Kernel (important)

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an ...

3.9 AI Score

0.047 EPSS

2017-09-04 09:11 PM
840
thn

China Bans Fundraising Through Initial Coin Offering (ICO)

China's central bank today announced an immediate ban on all ICO—Initial Coin Offering—fundraising, to prevent fraud and illegal fundraising. ICO is the hottest new thing in the blockchain world, which is an alternative to crowdfunding that lets a firm raise funding from multiple sources. The...

6.9 AI Score

2017-09-04 05:51 AM
3
hackread

DailyStormer comes back with Albanian domain; gets booted off

By Carolina. DailyStormer, the neo-nazi and racist website is having a difficult... This is a post from HackRead.com. Read the original post: DailyStormer comes back with Albanian domain; gets booted...

7 AI Score

2017-09-01 09:31 PM
100
malwarebytes

Malware vaccination tricks: blue pills or red pills

First, let me explain what I mean by malware vaccination tricks. Most of you will have heard about some of these. Vaccination tricks are in fact techniques that use safety checks done by malware against that same malware. The malware checks for the presence of certain files or registry keys as a...

6.8 AI Score

2017-08-30 06:00 PM
93
hackread

Russia boots off DailyStormer and CloudFlare removes DDoS protection

By Waqas. It looks like the racist and neo-nazi website DailyStormer has no... This is a post from HackRead.com. Read the original post: Russia boots off DailyStormer and CloudFlare removes DDoS...

7 AI Score

2017-08-17 11:57 PM
81
hackread

Neo Nazi site DailyStormer moves to dark web that’s as good as dead

By Waqas. On August 14th it was reported that Internet domain registrar and... This is a post from HackRead.com. Read the original post: Neo Nazi site DailyStormer moves to dark web that’s as good as...

6.9 AI Score

2017-08-16 09:54 PM
40
hackerone

Internet Bug Bounty: CVE-2017-12858: Heap UAF in _zip_buffer_free() / Double free in _zip_dirent_read()

libzip is a C library for reading, creating, and modifying zip archives. A partial list of projects using libzip include: Plex Home Theater, MySQL Workbench, ckmame, fuse-zip, lua-zip, php zip extension, zipruby, Endeavour2, FreeDink, DeaDBeeF (vfs_zip plugin), OpenLierox, ebook-tools, PDF Expert,....

9.8 CVSS

8.9 AI Score

0.002 EPSS

2017-08-15 04:29 PM
22
hackread

GoDaddy bans neo-nazi DailyStormer website

By Waqas. GoDaddy Inc. Internet domain registrar and web hosting giant have... This is a post from HackRead.com. Read the original post: GoDaddy bans neo-nazi DailyStormer...

7 AI Score

2017-08-14 01:17 PM
43
myhack58

Smart camera manufacturer in Shenzhen, China exposed vulnerabilities: at least 17.5 million devices can be remotely attacked

Security firms Bitdefender and Checkmarx have released reports: security researchers found remote intrusion vulnerabilities in a number of common smart cameras, involving VStarcam, Loftek, and Neo IP cameras. Of these, the Neo IP camera is from the Shenzhen, China manufacturer beautiful...

0.2 AI Score

2017-08-03 12:00 AM
39
seebug

Remote Exploitation of the NeoCoolcam IP Cameras and Gateway

Foreword The Internet of Connected Things has become a massive phenomenon during the past few years and will continue to grow at an incredible pace. More than 26 billion smart devices will be on the market by 2020, Gartner estimates. We’re looking at an explosive growth, as IoT opportunities...

8.8 AI Score

2017-08-03 12:00 AM
51
nessus

Fedora 26 : libmtp (2017-69fdb38f3e)

libmtp 1.1.13 ============= Christophe Vu-Brugier (1) : added GoPro HERO5 Black Emeric Grange (2) : added GoPro HERO5 Session rename F5321 into XPeria X Compact Gaute Hope (2) : add GoPro Hero+ add mtp-detect for GoPro Hero+ Jerry Zhang (1) : Update Google device strings, add...

6.8 CVSS

-0.9 AI Score

0.009 EPSS

2017-07-17 12:00 AM
25
nessus

Fedora 24 : libmtp (2017-d26266eb32)

libmtp 1.1.13 ============= Christophe Vu-Brugier (1) : added GoPro HERO5 Black Emeric Grange (2) : added GoPro HERO5 Session rename F5321 into XPeria X Compact Gaute Hope (2) : add GoPro Hero+ add mtp-detect for GoPro Hero+ Jerry Zhang (1) : Update Google device strings, add...

6.8 CVSS

-0.9 AI Score

0.009 EPSS

2017-07-13 12:00 AM
18
openbugbounty

goanoriant.org XSS vulnerability

Vulnerable URL: http://goanoriant.org/wp-content/plugins/maxigos_wp_plugin/_maxigos/_sample/neo-classic/neo-classic.php?mxL=%22/%3E%3CsvG/onLoad=alert(/OPENBUGBOUNTY/)%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 01.10.2017 Vulnerability type:| XSS Vulnerability...

6.2 AI Score

2017-07-09 05:47 PM
11
nessus

Fedora 25 : libmtp (2017-4c57da6642)

libmtp 1.1.13 ============= Christophe Vu-Brugier (1) : added GoPro HERO5 Black Emeric Grange (2) : added GoPro HERO5 Session rename F5321 into XPeria X Compact Gaute Hope (2) : add GoPro Hero+ add mtp-detect for GoPro Hero+ Jerry Zhang (1) : Update Google device strings, add...

6.8 CVSS

-0.9 AI Score

0.009 EPSS

2017-07-03 12:00 AM
36
cve

CVE-2017-2819

An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the...

8.8 CVSS

7.9 AI Score

0.001 EPSS

2017-05-24 02:29 PM
32
prion

Heap overflow

An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2017-05-24 02:29 PM
2
nvd

CVE-2017-2819

An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the...

7.8 CVSS

9 AI Score

0.001 EPSS

2017-05-24 02:29 PM
cvelist

CVE-2017-2819

An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the...

8.8 CVSS

9 AI Score

0.001 EPSS

2017-05-24 02:00 PM
talos

Hancom Thinkfree NEO Hangul Word Processor HWPTAG_TAB_DEF Tab Count Code Execution Vulnerability

Summary An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under...

8.8 CVSS

-0.1 AI Score

0.001 EPSS

2017-05-12 12:00 AM
125
zdt

7.1 AI Score

2017-04-07 12:00 AM
34
seebug

The Wireless IP Camera (P2P) WIFICAM Multiple vulnerabilities

Product Description The Wireless IP Camera (P2P) WIFICAM is a Chinese web camera which allows to stream remotely. Vulnerabilities Summary The Wireless IP Camera (P2) WIFICAM is a camera overall badly designed with a lot of vulnerabilities. This camera is very similar to a lot of other Chinese...

9.9 AI Score

0.011 EPSS

2017-03-08 12:00 AM
2364
exploitdb

7.4 AI Score

2017-02-03 12:00 AM
40
exploitpack

Posnic Stock Management System - SQL Injection

Posnic Stock Management System - SQL...

0.2 AI Score

2017-02-03 12:00 AM
23
openbugbounty

foxconnchannel.com XSS vulnerability

Vulnerable URL:...

6.3 AI Score

2017-01-20 08:15 PM
9
openbugbounty

opera-guide.ch XSS vulnerability

Vulnerable URL: http://opera-guide.ch/index.php?uilang=en%22%3E%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 878604 VIP website.....

6.3 AI Score

2017-01-10 09:06 PM
18
openbugbounty

tasteofsouthflorida.com XSS vulnerability

Vulnerable URL: http://tasteofsouthflorida.com/cgi-bin/tseekdir.cgi?location=Root-Miami,045Dade_Restaurants-South_Beach%27%3E%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS...

6.3 AI Score

2017-01-10 08:57 PM
9
openbugbounty

maquis-art.com XSS vulnerability

Vulnerable URL: http://maquis-art.com/shop/index.php?page=1&objet;_recherche=/%22%3E%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 13:57 GMT Vulnerability type:| XSS Vulnerability status:|...

6.3 AI Score

2017-01-10 08:56 PM
7
openbugbounty

topup.orange.com XSS vulnerability

Vulnerable URL: https://topup.orange.com/?s=%3Cscript%3Ealert%28%27OPENBUGBOUNTY%27%29%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated...

6.3 AI Score

2017-01-10 08:55 PM
6
openbugbounty

food-com.com XSS vulnerability

Vulnerable URL: http://www.food-com.com/about.php?id=%3E%3C/SCRIPT%3E%22%3E%27%3E%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 13:49 GMT Vulnerability type:| XSS Vulnerability status:|...

6.3 AI Score

2017-01-08 05:34 AM
6
openbugbounty

grameenphone.com XSS vulnerability

Vulnerable URL: https://www.grameenphone.com/bn/search/node/%22%3E%3Cscript%3Ealert('OPENBUGBOUNTY')%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 6524 VIP website...

6.3 AI Score

2017-01-08 05:02 AM
8
seebug

Adobe ColdFusion < 11 Update 10 - XML external entity injection

Discovered by: Dawid Golunski http://legalhackers.com dawid (at) legalhackers.com APSB16-30 Release date: 31.08.2016 I. VULNERABILITY Adobe ColdFusion <= 11 XML External Entity (XXE) Injection II. BACKGROUND "Adobe ColdFusion 11 Enterprise Edition offers a single platform to rapidly build and...

9.3 AI Score

0.805 EPSS

2016-09-09 12:00 AM
69
exploitdb

8.6 CVSS

8.6 AI Score

EPSS

2016-09-07 12:00 AM
75
packetstorm

0.6 AI Score

0.805 EPSS

2016-09-07 12:00 AM
109
exploitpack

Adobe ColdFusion 11 Update 10 - XML External Entity Injection

Adobe ColdFusion 11 Update 10 - XML External Entity...

8.6 CVSS

0.3 AI Score

0.805 EPSS

2016-09-07 12:00 AM
32
zdt

Adobe ColdFusion < 11 Update 10 - XML External Entity Injection

Exploit for php platform in category web...

0.3 AI Score

0.805 EPSS

2016-09-07 12:00 AM
93
threatpost

Patched ColdFusion Flaw Exposes Applications to Attack

An Adobe ColdFusion vulnerability addressed Tuesday in a hotfix pushed to users put applications developed on the platform at risk to a number of serious issues. Researcher Dawid Golunski of Legal Hackers today revealed details on the flaw, which he privately disclosed to Adobe, as well as a...

0.9 AI Score

0.805 EPSS

2016-09-01 09:15 AM
14
openbugbounty

babymall.co.il XSS vulnerability

Vulnerable URL: http://www.babymall.co.il/Error.asp?msg=%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 26620315 VIP website...

6.3 AI Score

2016-07-17 03:41 PM
12
openbugbounty

piclist.com XSS vulnerability

Vulnerable URL: http://www.piclist.com/techref/error.asp?error=%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 08.05.2017 Latest check for patch:| 08.05.2017 20:27 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...

6.2 AI Score

2016-07-17 03:41 PM
10
openbugbounty

italianshop.co.il XSS vulnerability

Vulnerable URL: http://www.italianshop.co.il/Error.asp?msg=%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 20436634 VIP website...

6.3 AI Score

2016-07-17 03:40 PM
10
openbugbounty

drfood.co.il XSS vulnerability

Vulnerable URL: http://www.drfood.co.il/Error.asp?msg=%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 19773109 VIP website...

6.3 AI Score

2016-07-17 03:40 PM
5
openbugbounty

timecenter.co.il XSS vulnerability

Vulnerable URL: http://www.timecenter.co.il/Error.asp?msg=%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4423195 VIP website...

6.3 AI Score

2016-07-17 03:39 PM
7
openbugbounty

konimolam.co.il XSS vulnerability

Vulnerable URL: http://www.konimolam.co.il/error.asp?msg=%3Cscript%3Ealert(%27OPENBUGBOUNTY%27)%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 10349397 VIP website...

6.3 AI Score

2016-07-17 03:39 PM
8
Total number of security vulnerabilities: 980