Command injection

Beeline Smart Box 2.0.38 routers allow "Advanced settings Other Diagnostics" OS command injection via the Ping pingipaddr parameter, the Nslookup nslookupipaddr parameter, or the Traceroute tracerouteipaddr parameter...

CVE-2020-12246

Beeline Smart Box 2.0.38 routers allow "Advanced settings Other Diagnostics" OS command injection via the Ping pingipaddr parameter, the Nslookup nslookupipaddr parameter, or the Traceroute tracerouteipaddr parameter...

CVE-2020-12246

Beeline Smart Box 2.0.38 is affected by CVE-2020-12246, a OS command injection in the Diagnostics page (Advanced settings > Other > Diagnostics) via the Ping (ping_ipaddr), Nslookup (nslookup_ipaddr), and Traceroute (traceroute_ipaddr) parameters. Public sources in the connected set (NVD, R...

The vulnerability of the dialog box detection component in Google Chrome’s web browser allows a perpetrator to compromise data integrity.

The vulnerability of the dialog area component in Google Chrome’s web browser is related to the lack of a mechanism for controlling permissions. Exploiting this vulnerability allows an attacker to affect data integrity through a specially created HTML page...

DLL Hijacking Vulnerability in Tease Game Box of Beijing Tease Network Technology Co.

Teaser Game Box is a mobile game box software. Beijing Tease Game Network Technology Co., Ltd Tease Game Box has a DLL hijacking vulnerability that can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary functions...

DLL Hijacking Vulnerability in Quick Play Game Box of Shenzhen Yunqi Network Technology Co.

Quick Play Game Box is a game box software. Shenzhen Yunqi Network Technology Co., Ltd Quick Play Game Box has a DLL hijacking vulnerability, which can be exploited by an attacker to inject an executable DLL file into the client process to perform arbitrary functions...

Shenzhen Tencent Computer System Limited Tencent Game Box suffers from DLL hijacking vulnerability

Tencent game box is specially designed for web users to create game aids, with original hang-up bodyguard, convenient account multi-opening, exclusive game acceleration, selected game recommendations, high-quality game strategy, one-stop gift packages and other features. Shenzhen Tencent Computer...

Htbenum - A Linux Enumeration Script For Hack The Box

This script is designed for use in situations where you do not have internet access on a Linux host and would like to run enumeration and exploit suggestion scripts, such as Hack The Box. I find myself running a similar set of scripts when I get an initial foothold on a Linux box, and this script...

Unauthorized Access Vulnerability in Cloud Box Fortresses

Cloud Box is a security management tool for tenants to connect to cloud resources, helping cloud tenants manage virtual machines, databases, and other resources on the cloud more securely and granularly. An unauthorized access vulnerability exists in Cloud Box Fortress, which can be exploited by ...

Microsoft security advisory: Update for vulnerability in Juniper Networks Windows In-Box Junos Pulse client: June 9, 2015

Microsoft security advisory: Update for vulnerability in Juniper Networks Windows In-Box Junos Pulse client: June 9, 2015 INTRODUCTION Microsoft has released a security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view...

Update for RichTextBox controls and ALT codes in Windows 8.1

Update for RichTextBox controls and ALT codes in Windows 8.1 Summary This update fixes the following issues: You have a RichTextBox control in a Windows-based application in Windows 8.1. When you try to check the spelling within the control, the application crashes in the Msftedit.dll file. When...

The cloud is beige - The demise of black box testing

Black-box penetration testing is dead. Id question why it is even a consideration. Its of limited and dubious value in almost any context. Wait, wait… I didnt mean that. Put down the pitchforks and torches, development and QA teams, Im only talking about black-box penetration testing. Yes,...

Single string is drawn by multiple fonts in the TextBox control of Windows Store application in Windows

Single string is drawn by multiple fonts in the TextBox control of Windows Store application in Windows This article describes an issue that occurs when the MS Mincho font is assigned for the TextBox control in Windows RT 8.1, Windows 8.1, or Windows Server 2012 R2. You can resolve this issue by...

CHM file freezes when you enter characters in Search box on the Index tab in Windows 8.1 or Windows Server 2012 R2

CHM file freezes when you enter characters in Search box on the Index tab in Windows 8.1 or Windows Server 2012 R2 This article describes an issue that occurs when you enter characters in the Search box on the Index tab in a Compiled HTML Help .chm file in Windows 8.1, Windows RT 8.1, or Windows...

CVE-2020-10267

Universal Robots control box CB 3.1 across firmware versions tested on 1.12.1, 1.12, 1.11 and 1.10 does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components URCaps. These files .urcaps are stored under...

CVE-2020-10267

CVE-2020-10267 affects the Universal Robots control box CB 3.1 (firmware versions 1.12.1, 1.12, 1.11, 1.10) where UR+ URCaps artifacts are stored under /root/.urcaps as plain zip files containing logic for UR3/UR5/UR10. The underlying issue is that these intellectual property artifacts are not en...

Vanguard 2.1 Cross Site Scripting

Exploit Title: Vanguard 2.1 Multi XSS Vunlerabilities Google Dork:N/A Date: 2020-04-04 Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/vanguard-marketplace-digital-products-php/20287975 Version: 2.1 Tested on: 5.4.0-4parrot1-amd64...

DEBIAN-CVE-2020-11558

An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audiosampleentryRead in isomedia/boxcodebase.c does not properly decide when to make gfisomboxdel calls. This leads to various use-after-free outcomes involving mdiaRead, gfisomdeletemovie, and gfisomparsemovieboxes...

UBUNTU-CVE-2020-11558

An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audiosampleentryRead in isomedia/boxcodebase.c does not properly decide when to make gfisomboxdel calls. This leads to various use-after-free outcomes involving mdiaRead, gfisomdeletemovie, and gfisomparsemovieboxes...

37 online game box has DLL hijacking vulnerability

37 Game Box is a free auxiliary tool for page games. 37 Online Game Box has a DLL hijacking vulnerability that can be exploited by attackers to execute malicious code...