35 matches found
PORTIER 4.4.4.2 / 4.4.4.6 SQL Injection Vulnerability
Exploit for php platform in category web applications PORTIER 4.4.4.2 / 4.4.4.6 SQL Injection Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open Manufacturer Notification: 2018-06-1...
CVE-2018-14401
CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out-of-bounds read...
ImageMagick Heap Buffer Over Read Vulnerability
ImageMagick is a software for creating, editing, and compositing images that can read, convert, and write images in many formats. A heap buffer over-read vulnerability exists in ReadSUNImage in coders/sun.c in ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24. An attacker can exploit this vulnerability t...
CloudMe Sync v1.10.9
This module exploits a stack-based buffer overflow vulnerability in CloudMe Sync v1.10.9 client application. This module has been tested successfully on Windows 7 SP1 x86. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...
Pulse Secure Linux client GUI fails to validate SSL certificates
Overview The Pulse Secure Linux client GUI fails to validate SSL certificates, which can allow an attacker to modify connection settings. Description Pulse Secure is an SSL VPN solution. The Linux Pulse Secure client GUI is implemented using WebKit, and the actions taken using the GUI are...
CVE-2018-2689

| creationtimestamp | type | source |
|---|---|---|
| 2018-01-28 18:28:38+00:00 | seen | https://t.me/itsecalert/87... |

CVE-2018-2686

| creationtimestamp | type | source |
|---|---|---|
| 2018-01-28 18:28:38+00:00 | seen | https://t.me/itsecalert/87... |

CVE-2018-2698

| creationtimestamp | type | source |
|---|---|---|
| 2018-01-28 18:28:38+00:00 | seen | https://t.me/itsecalert/87... |

CVE-2018-2687

| creationtimestamp | type | source |
|---|---|---|
| 2018-01-28 18:28:38+00:00 | seen | https://t.me/itsecalert/87... |

CVE-2018-2693

| creationtimestamp | type | source |
|---|---|---|
| 2018-01-28 18:28:38+00:00 | seen | https://t.me/itsecalert/87... |

Security update for MozillaFirefox (important)
This update for MozillaFirefox fixes the following issues: - update to Firefox 52.6esr boo1077291 MFSA 2018-01 Speculative execution side-channel attack "Spectre" MFSA 2018-03 CVE-2018-5091 bmo1423086 Use-after-free with DTMF timers CVE-2018-5095 bmo1418447 Integer overflow in Skia library during...
CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection
Document Title: =============== CentOS Web Panel v0.9.8.12 - Remote SQL Injection Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1833 Release Date: ============= 2018-01-22 Vulnerability Laboratory ID VL-ID:...
CVE-2017-5116

| creationtimestamp | type | source |
|---|---|---|
| 2018-01-18 08:28:32+00:00 | published-proof-of-concept | https://t.me/R0Crew/386 |
| 2018-01-18 09:29:09+00:00 | published-proof-of-concept | https://t.me/antichat/660 |
| 2018-01-18 10:32:09+00:00 | published-proof-of-concept | https://t.me/br0wsec/23 |
| 2018-01-22... | | |

CVE-2016-8624

| creationtimestamp | type | source |
|---|---|---|
| 2018-01-11 23:41:51+00:00 | published-proof-of-concept | https://t.me/thebugbountyhunter/867... |

CVE-2018-5702

| creationtimestamp | type | source |
|---|---|---|
| 2018-01-11 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/43665 |
| 2018-01-16 10:48:53+00:00 | seen | https://t.me/SecLabNews/1303... |

CVE-2018-5189

| creationtimestamp | type | source |
|---|---|---|
| 2018-01-10 15:27:29+00:00 | published-proof-of-concept | https://t.me/canyoupwnme/3004... |

Security update 2018-01-09
...
WordPress Admin Menu Tree Page View 2.6.9 CSRF / Privilege Escalation
Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/admin-menu-tree-page-view Version: 2.6.9...
Security advisory YSA-2018-01 | Yubico
Oscar Mira and Roi Martin from the Schibsted security team informed us of a security issue in the OATH (Initiative for Open Authentication) applet on the YubiKey NEO. The YubiKey OATH applet is used to generate time-based one-time password (TOTP) and HMAC-based one-time password (HOTP) codes that are...
golmarket.co.kr XSS vulnerability
Open Bug Bounty ID: OBB-478435

| Description | Value |
|---|---|
| Affected Website: | golmarket.co.kr |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Disclosure Standard: | Coordinated Disclosure bas... |