3641 matches found

Tenable Nessus
added 2016/07/19 12:0 a.m., 58 views

OpenSaveMRU History

Nessus was able to generate a report on files that were opened using the shell dialog box or saved using the shell dialog box. This is the box that appears when you attempt to save a document or open a document in Windows Explorer. C Tenable Network Security, Inc. include"compat.inc"; if...

5.5 AI score
Exploits: 0, References: 1

Hacker One
added 2016/07/08 7:55 p.m., 17 views

IRCCloud: Cross Site Scripting(XSS) on IRCCloud Badges Page (using Parameter Pollution)

I. Vulnerability --------------------- IRCCloud is affected by Cross Site Scripting vulnerability in its badges page. www.irccloud.com/badges II. Description --------------------- IRCCloud is open to parameter pollution attacks ie. a parameter passed more than once with different values results i...

0.8 AI score
Exploits: 0

myhack58
added 2016/06/23 12:0 a.m., 260 views

Android security development of ZIP file directory traversal-vulnerability warning-the black bar safety net

ZIP archive entries are allowed to contain the "../" string, so an attacker can carefully construct a ZIP file that uses multiple "../" sequences to change where a file in the archive is stored on extraction, overwriting and replacing the application's original files. If the overwritten file is available. so...

8.7 AI score
Exploits: 0

OSV
added 2016/06/16 6:59 p.m., 1 views

DEBIAN-CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file...

8.8 CVSS, 8.9 AI score, 0.04054 EPSS
Exploits: 0, References: 1

OSV
added 2016/06/16 6:59 p.m., 1 views

UBUNTU-CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file...

8.8 CVSS, 7.6 AI score, 0.04054 EPSS
Exploits: 0, References: 2

myhack58
added 2016/06/02 12:0 a.m., 40 views

An arbitrary file read vulnerability recorded-vulnerability warning-the black bar safety net

Black box testing: Black-box testing found that an interface has an arbitrary file read vulnerability. The first thing to determine is whether it is a file read or a file inclusion, because file_get_contents("/etc/passwd") and include("/etc/passwd") may look the same from a black-box view. And the file inclusion is c...

7.1 AI score
Exploits: 0

Prion
added 2016/05/30 1:59 a.m., 19 views

Code injection

Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover...

4 CVSS, 6.8 AI score, 0.01151 EPSS
Exploits: 0, References: 1

CVE
added 2016/05/30 1:0 a.m., 48 views

CVE-2016-2311

The CVE-2016-2311 vulnerability affects Black Box AlertWerks ServSensor family devices (including ServSensor, ServSensor Junior, ServSensor Junior with PoE, and ServSensor Contact) with firmware before SP473. The issue allows remote authenticated users to obtain administrator and user passwords v...

6.5 CVSS, 6.1 AI score, 0.01151 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2016/05/27 12:0 a.m., 2 views

Multiple Black Box AlertWerks ServSensor Products Information Disclosure Vulnerabilities

Black Box AlertWerks ServSensor and so on are the products of American Black Box Company, AlertWerks ServSensor is a core product for environmental monitoring system; AlertWerks ServSensor Junior is a remote environmental monitoring host product. A security vulnerability exists in multiple Black...

6.5 CVSS, 6.9 AI score, 0.01151 EPSS
Exploits: 0, References: 1

n0where
added 2016/05/26 2:18 p.m., 31 views

General Purpose Fuzzer: Radamsa

Radamsa is a test case generator for robustness testing, a.k.a. a fuzzer. It is typically used to test how well a program can withstand malformed and potentially malicious inputs. It works by reading sample files of valid data and generating interestingly different outputs from them. The main...

7.5 AI score
Exploits: 0, References: 1

Hacker One
added 2016/05/17 5:47 a.m., 19 views

Automattic: WordPress core stored XSS via attachment file name

I think there's a problem with missing HTML encoding of attachment file names. A user with the capability to create attachments could compromise other accounts including administrator by injecting HTML tags in the file name. Creating attachment with arbitrary filenames is possible at least via th...

0.4 AI score
Exploits: 0

n0where
added 2016/05/12 12:43 p.m., 21 views

Protocol Learning and Stateful Fuzzing: Pulsar

Pulsar is a network fuzzer with automatic protocol learning and simulation capabilities. The tool allows modeling a protocol through machine learning techniques, such as clustering and hidden Markov models. These models can be used to simulate communication between Pulsar and a real client or serv...

0.4 AI score
Exploits: 0, References: 1

n0where
added 2016/05/11 9:5 p.m., 19 views

Black Box WordPress Vulnerability Scanner: WPScan

WPScan is a Black Box WordPress Vulnerability Scanner that attempts to find known security weaknesses within WordPress installations. The application is provided for security professionals or WordPress administrators to help them find security problems and vulnerabilities in their installations. ...

0.7 AI score
Exploits: 0, References: 1

Kitploit
added 2016/05/09 10:15 p.m., 59 views

CANToolz aka YACHT (Yet Another Car Hacking Tool) - Framework for Black-Box CAN Network Analysis

CANToolz is a framework for analysing CAN networks and devices. This tool is based on different modules which can be assembled together in a pipe and can be used by security researchers and automotive/OEM security testers for black-box analysis, etc. You can use this software for ECU discovery, MIT...

7.3 AI score
Exploits: 0, References: 3

Packet Storm
added 2016/04/25 12:0 a.m., 37 views

IrIran Shopping Script 4.1 Cross Site Scripting

Exploit Title : IrIran Shoping Script Cross Site Scripting Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://www.iriran.net/eshopbuilder/ Google Dork : "Powered by: IRIran.net" Date: 2016/04/26 Category: Webapps Tested on: Win /php Version : 4.1 PoC: Search Box Vulnerable ...

7.4 AI score
Exploits: 0

CNVD
added 2016/04/22 12:0 a.m., 1 views

AVM FRITZ!Box Stack Buffer Overflow Vulnerability

AVM Fritz!Box is a router product from the German company AVM. AVM Fritz!Box suffers from a stack buffer overflow vulnerability. The vulnerability allows an attacker to gain root privileges and execute arbitrary code...

7.9 AI score
Exploits: 0, References: 1

OSV
added 2016/04/21 11:0 a.m., 2 views

CVE-2016-3456

Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box...

8.2 CVSS, 7.3 AI score, 0.01382 EPSS
Exploits: 0, References: 2

NVD
added 2016/04/21 11:0 a.m., 12 views

CVE-2016-3456

Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box...

8.2 CVSS, 6.9 AI score, 0.01382 EPSS
Exploits: 0, References: 2

Prion
added 2016/04/21 11:0 a.m., 9 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box...

4.3 CVSS, 6 AI score, 0.01382 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2016/04/21 10:0 a.m., 5 views

CVE-2016-3456

Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box...

5.9 AI score, 0.01382 EPSS
Exploits: 0, References: 2