3641 matches found
XiaoCms Cross-Site Scripting Vulnerability
XiaoCms is a lightweight content management system CMS based on PHP and MySQL and capable of running on Linux, Windows and other platforms. A cross-site scripting vulnerability exists in XiaoCms version 20141229, which can be exploited by remote attackers to inject arbitrary web script or HTML vi...
CVE-2018-19193
An issue was discovered in XiaoCms 20141229. There is XSS via the largest input box on the "New news" screen...
File Box for Citrix User FAQs
File Box for Citrix User Frequently Asked Questions Who can use File Box with my Citrix Workspace account? File Box is only available to Employee users. Clients who you send files to cannot use the File Box. For more information on Users versus Client access, refer to Workspace: Employees vs...
Deploying VirtualBox virtual machines with Vagrant
I often use virtual machines for various tasks: from building software packages to testing software products or PoCs for vulnerabilities. Creating a virtual machine in Oracle VirtualBox is a time-consuming and annoying process: set parameters of VM, attach iso, make dozens of clicks in OS...
Shell In A Box 2.2.0 Denial Of Service Exploit
Exploit for linux platform in category dos / poc Product: Shell In A Box aka shellinabox, shellinaboxd "Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser a...
Shell In A Box 2.2.0 Denial Of Service
Product: Shell In A Box aka shellinabox, shellinaboxd "Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugin...
MPS Box 0.1.8.0 Arbitrary File Upload
Exploit Title: MPS Box 0.1.8.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
MPS Box 0.1.8.0 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: MPS Box 0.1.8.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested...
MPS Box 0.1.8.0 - Arbitrary File Upload
Exploit Title: MPS Box 0.1.8.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
MPS Box 0.1.8.0 - uuid SQL Injection
MPS Box 0.1.8.0 - uuid SQL Injection Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapp...
MPS Box 0.1.8.0 - uuid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested o...
MPS Box 0.1.8.0 SQL Injection
Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE...
MPS Box 0.1.8.0 - 'uuid' SQL Injection
Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE...
CVE-2018-3287
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...
Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-23723)
Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the processing of the getPageBox method of Form in Foxit Reader 9.2.0.9297 and earlie...
KLA11339 Multiple vulnerabilities in Oracle Virtual Box
Multiple serious vulnerabilities were found in Oracle VM Virtual Box. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Vulnerability in the Oracle VM VirtualBox component of Oracle...
Vboxdie-Cracker - VirtualBox Disk Image Encryption Password Cracker
Virtual Box Disk Image Encryption password cracker Requirements 1. PHP = 5.5.0 2. OpenSSL = 1.0.1 XTS support Algorithm description User password is stored using a combination of PBKDF2 and AES-XTS as following shown values are fixed at the moment, but they can be controlled inside the file forma...
CVE-2018-17177
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs event logs and core dumps to a USB stick. These logs are RC4-encrypted with a 9-character password of ^JEd4W!I that is obfuscated by hiding ...
Design/Logic Flaw
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs event logs and core dumps to a USB stick. These logs are RC4-encrypted with a 9-character password of ^JEd4W!I that is obfuscated by hiding ...
CVE-2018-17177
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs event logs and core dumps to a USB stick. These logs are RC4-encrypted with a 9-character password of ^JEd4W!I that is obfuscated by hiding ...