7736 matches found
Google Releases Security Update for Chrome OS
Google has released Chrome OS 40.0.2214.114 for Chrome devices to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Google Chrome blog entry and app...
Google Releases Security Updates for Chrome
Google has released Chrome 40.0.2214.111 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog entry a...
X360 VideoPlayer ActiveX Control 2.6 - Full ASLR & DEP Bypass Exploit
Exploit for Windows platform in category remote exploits. Exploit Title: X360 VideoPlayer ActiveX Control RCE Full ASLR & DEP Bypass Author: Rh0 Date: Jan 30 2015 Affected Software: X360 VideoPlayer ActiveX Control 2.6 VideoPlayer.ocx Vulnerability: Buffer Overflow in Data Section Tested on:...
Google Releases Security Updates for Chrome
Google has released Chrome 40.0.2214.91 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service condition or obtain personal information. US-CERT encourages users and administrators to review t...
HikaShop 2.3.3 Local File Inclusion
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'HikaShop - LFI poc for authenticated users', 'Description' = %q HikaShop 2.3.3 is vulnerable to local file include attack...
CVE-2014-9432
Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php...
GLSA-201412-33 : PowerDNS Recursor: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201412-33 (PowerDNS Recursor: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in PowerDNS Recursor. Please review the CVE identifiers and PowerDNS blog post referenced below for details. Impact : A remote...
India Times Cross Site Scripting
All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (cross site scripting) Attacks. Domain Description: http://www.indiatimes.com "According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English newspaper in India with a readership of 7.6...
WordPress 3.0-3.92 stored XSS vulnerability analysis & POC - vulnerability warning - the black bar safety net
Overview: WordPress is a blog platform developed in PHP; users can set up their own website on a server that supports PHP and a MySQL database. WordPress can also be used as a CMS. Recently WordPress less than 3.92 Version...
CVE-2014-6324
creationtimestamp | type | source
---|---|---
2014-11-18 07:00:00+00:00 | seen | https://msrc.microsoft.com/blog/2014/11/additional-information-about-cve-2014-6324/
2014-12-05 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/35474
2018-05-29 15:50:33+00:00 | seen | ...
Samsung Galaxy KNOX Android Browser - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'digest/md5' class Metasploit3 0|1 if an HTTP request has been made to download a payload of that ID attrreader :servedpayloads def...
Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper #2
No description provided by source. /Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per usual, this time I've put it in a rather...
Google Releases Security Update for Chrome
Google has released Chrome 38.0.2125.122 for Windows, Mac and Linux. This update addresses a vulnerability which could potentially allow an attacker to take over an affected system. US-CERT encourages users and administrators to review the Google Chrome release blog and apply the necessary update...
E107 BLOG Engine Plugin Remote SQL Injection (CVE-2008-6438)
An SQL injection vulnerability has been reported in E107coders Macguru Blog Engine Plugin. An attacker could exploit this vulnerability via the uid parameter. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
E107 BLOG Engine Plugin SQL Injection (CVE-2008-2455)
An SQL injection vulnerability has been reported in E107coders E107 Blog Engine. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Security Advisory 3009008 updated
Today, we announced the availability of SSL 3.0 fallback warnings in Internet Explorer (IE) 11. For more information please visit the IE blog. We have also published an update on the status of the changes we have made to our Azure offerings in response to the SSL 3.0 vulnerability. For more...
GNU Wget FTP Symlink Arbitrary Filesystem Access
This module exploits a vulnerability in Wget when used in recursive -r mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGETDATA option. Tested successfully with...
CVE-2014-4073
creationtimestamp | type | source
---|---|---
2014-10-14 05:00:00+00:00 | seen | https://msrc.microsoft.com/blog/2014/10/more-details-about-cve-2014-4073-elevation-of-privilege-vulnerability/...
Twitter Files Suit Over Government Restrictions on National Security Letter Data
Twitter has filed a lawsuit in federal court asking that the United States Department of Justice’s prohibitions on publishing the number and kind of government requests for data the company receives be declared unconstitutional. The suit claims that the rules infringe on Twitter’s right to free...