CVE-2014-8708

Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature...

Design/Logic Flaw

Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature...

CVE-2014-8708

Pluck CMS 4.7.2 is affected. A remote attacker can execute arbitrary code via the blog form feature, as reported by multiple sources (NVD/CNVD equivalents). Root cause details are not explicitly described in the provided documents beyond the blog form vector. No remediation or patch information i...

CVE-2014-8708

Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature...

phplist 3.2.6 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected phplist 3.2.6 Product: Fixed in: 3.3.1 Fixed Version https://sourceforge.net/projects/phplist/files/phplist/3.3.1/ Link: phplist-3.3.1.zip/download Vendor Website: https://www.phplist.org/ Vulnerability XSS Type: Remote Yes...

blogs.partner.microsoft.com XSS vulnerability

Vulnerable URL: https://blogs.partner.microsoft.com/mpn/top-social-media-tips-to-connect-with-customers/?ln=" menik Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...

Internet Bug Bounty: Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack

We found an issue in the JWE specification where it fails to warn the implementers about Invalid Curve attack. We found several libraries to be vulnerable : node-jose, jose2go, Nimbus JOSE+JWT and jose4j and in the process of filing an errata for the RFC. We report the vulnerabilities to the...

control.blog.sina.com.cn XSS vulnerability

Vulnerable URL: http://control.blog.sina.com.cn/riaapi/checklogin.php?callback=x'"--!confirmOPENBUGBOUNTY...

Logsign RCE Vulnerability (Mar 2017) - Active Check

Logsign is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:logsign:logsign"; ...

Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes)

;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...

Linux/x86-64 - Polymorphic Flush IPTables Shellcode (47 bytes)

;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...

Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes)

;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...

Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (31 bytes)

;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...

Cambium Networks ePMP 1000 Multiple Vulnerabilities

Cambium Networks ePMP1000 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Google Employees Help Thousands Of Open Source Projects Patch Critical ‘Mad Gadget Bug’

Last year Google employees took an initiative to help thousands of Open Source Projects patch a critical remote code execution vulnerability in a widely used Apache Commons Collections ACC library. Dubbed Operation Rosehub, the initiative was volunteered by some 50 Google employees, who utilized ...

Wordpress Theagency Themes File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress Themes Theagency File Upload Vulnerability Author : Berandal Google Dork: inurl:/wp-content/themes/theagency Tested on: Win 7, Linux Blog : http://www.maxteroit.com/ Video Proof :...

Linux/x86-64 - Random Listener Shellcode (54 bytes)

;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the Software without restriction, including without limitation ;the rights to use,...

Linux - Reverse Shell Shellcode (66 bytes)

Linux - Reverse Shell Shellcode 66 bytes. Shellcode exploit for Linux platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software”, ;to deal in the...

For the Node. js in the node-serialize module deserialization vulnerability the subsequent analysis-vulnerability warning-the black bar safety net

Of the Node. js serialization remote command execution vulnerabilities of a number of follow-up found and how to develop the attack load. A few days ago I was in opsecx blog found an article How to use a named node-serialize nodejs module in the RCE remote code execution error blog. The article...

2017 年 2 月のセキュリティ更新プログラム リリース

本記事は、MSRC のブログ “February 2017 security update release” 2017 年 2 月 14 日 米国時間公開 を翻訳し...