19 matches found
CVE-2016-11053
An issue was discovered on Samsung mobile devices with software through 2015-11-11 supporting FRP/RL. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016)...
ABRT - sosreport Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT sosreport Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on RHEL systems with a vulnerable version o...
CVE-2018-14944
An issue has been found in jpegencoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpegencoder.cpp. The signal is caused by an out-of-bounds write...
gameblog.fr XSS vulnerability
Open Bug Bounty ID: OBB-458132 Description| Value ---|--- Affected Website:| gameblog.fr Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
gameblog.fr XSS vulnerability
Open Bug Bounty ID: OBB-232628 Description| Value ---|--- Affected Website:| gameblog.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Facebook Proxygen Security Vulnerability (CNVD-2017-05674)
Facebook Proxygen is a set of open source C++ HTTP class libraries from the U.S. company Facebook. A security vulnerability exists in the SPDY/2 codec in versions of Facebook Proxygen prior to 2015-11-09. An attacker can exploit the vulnerability to perform hijacking and injection attacks...
CVE-2015-6035
Opsview before 2015-11-06 has XSS via SNMP...
CVE-2015-6035
CVE-2015-6035 affects Opsview prior to 2015-11-06. Multiple connected sources confirm a cross-site scripting (XSS) vulnerability exploitable via the SNMP interface, enabling an attacker to inject arbitrary web script/HTML in the user’s browser. The CNVD entry reiterates remote exploitation via ...
Yeager CMS 1.2.1 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Yeager CMS vulnerable version: 1.2.1 fixed version: 1.3 CVE number: CVE-2015-7567, CVE-2015-7568, CVE-2015-7569, CVE-2015-7570 ,...
Vine MV Cross-Site Scripting Vulnerability
Vine MV is a web application developed by Japanese software developer Ayaka Ikezawa that uses the Vine video sharing application API to automatically generate music videos. A cross-site scripting vulnerability exists in the main.rb file in versions of Vine MV prior to 2015-11-08. A remote attacke...
Cross site scripting
Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
ProjectSend r582 - Multiple Vulnerabilities
ProjectSend r582 - Multiple Vulnerabilities Advisory ID: SGMA-16001 Title: ProjectSend multiple vulnerabilities Product: ProjectSend previously cFTP Version: r582 and probably prior Vendor: www.projectsend.org Vulnerability type: SQL-injection, Auth bypass, Arbitrary File Access, Insecure Object...
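Weaver (泛微) OA sysinterface/codeEdit.jsp Page Arbitrary File Upload
0x01 Vulnerability Overview Vendor: Weaver OA Official homepage: http://www.weaver.com.cn/ Disclosure date: 2015-11-25 Vulnerability type: Unauthorized access / permission bypass. Files can be uploaded without logging in. http://localhost:8088/sysinterface/codeEdit.jsp?filename=5308.java&filetype=java filename is the file name; if it is empty, the file is created automatically. 0x02 Exploitation Code details String fileid = "Ewv"; String readonly = ""; boolean isCreate = false;...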
Jenkins CLI RMI Java Deserialization
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Jenkins CLI RMI Java Deserialization Vulnerability', 'Description' = %q This module exploits a vulnerability in Jenkins. An unsafe...
MyCustomers Cms Sql Injection Vulnerability
Exploit for php platform in category web applications MyCustomers 1.3.873 SQL Injection Published Credit Risk 2015.11.29 Persian Hack Team Medium CWE CVE Local Remote CWE-89 N/A No Yes Dork: "Powered By IranPHP" & inurl:/index.php?DPT=IP17 & "Powered+by+MyCustomers-1.3.873" Exploit Title :...
Adobe Premiere Clip iOS - Bypass & Persistent Vulnerability
Document Title: =============== Adobe Premiere Clip iOS - Bypass & Persistent Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1479 View Video: https://www.youtube.com/watch?v=rGEeW7ypuRE Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1478 PSI...
arboga.se XSS vulnerability
Vulnerable URL: http://arboga.se/evenemangskalender/?eventsearchquery==2015-11-11="';-- Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 22:03 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4234450 Google...
CVE-2015-6613
CVE-2015-6613 affects Android devices running versions prior to 5.1.1 LMY48X and before 2015-11-01 on 6.0. The issue allows a local attacker via Bluetooth to send commands to a debugging port and gain privileges (Signature or SignatureOrSystem) through a crafted app. The vulnerability is tied to ...
holjegym.se XSS vulnerability
Vulnerable URL: http://holjegym.se/default.asp?id="';--=2 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 1 VIP website status:| No Check...