Lucene search

5098 matches found

OSV
added 2018/03/19 2:29 p.m., 4 views

CVE-2018-8761

protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...

7.5 CVSS | 5.8 AI score | 0.0089 EPSS
Exploits: 0 | References: 1

CVE
added 2018/03/19 2:0 p.m., 45 views

CVE-2018-8761

CVE-2018-8761 : In Yxcms building system (compatible cell phone) v1.4.7, a logic flaw in the file protected\apps\member\controller\shopcarController.php allows an attacker to modify a price before form submission by observing data in a packet capture. The vulnerability is described in multiple so...

7.5 CVSS | 7.4 AI score | 0.0089 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2018/03/19 2:0 p.m., 17 views

CVE-2018-8761

protected\apps\member\controller\shopcarController.php in Yxcms building system compatible cell phone v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture...

7.5 AI score | 0.0089 EPSS
Exploits: 0 | References: 1

CNVD
added 2018/03/18 12:0 a.m., 1 views

Arbitrary User Password Reset and Reflective Cross-site Scripting Vulnerabilities in zzcms System

Webmaster Merchants Content Management System ZZCMS developed by the ZZCMS team, into the database optimization, content caching, AJAX and other technologies, open source, independent functional modules, to facilitate secondary development. zzcms system exists arbitrary user password reset and...

6.2 AI score
Exploits: 0

Kitploit
added 2018/03/16 12:27 p.m., 39 views

Powershell-RAT - Python Based Backdoor That Uses Gmail To Exfiltrate Data Through Attachment

Python based backdoor that uses Gmail to exfiltrate data as an e-mail attachment. This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment. Note: This...

7.1 AI score
Exploits: 0 | References: 2

CNVD
added 2018/03/15 12:0 a.m., 1 views

Mozilla Firefox Media Capture and Streams API Privilege Vulnerability

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A privilege vulnerability exists in the Mozilla Firefox Media Capture and Streams API. A remote user can exploit the vulnerability to display incorrect source information to the target user...

5.3 CVSS | 8.6 AI score | 0.01213 EPSS
Exploits: 0 | References: 1

Lenovo
added 2018/03/14 10:0 p.m., 539 views

Synaptics Keyboard Driver Unprotected Debug Mode - us

Synaptics Keyboard Driver Unprotected Debug Mode Lenovo Security Advisory: LEN-18507 Potential Impact: Loss of confidentiality local to system Severity: Medium Scope of Impact: Industry-wide CVE Identifier: CVE-2017-17556 Summary Description: A researcher discovered a vulnerability in Synaptics...

3.6 CVSS | 5.3 AI score | 0.00623 EPSS
Exploits: 0

OSV
added 2018/03/14 7:29 p.m., 3 views

CVE-2018-2402

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, see SAP Note 2362820 for more information about capture & replay, user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorization...

8.4 CVSS | 5.8 AI score
Exploits: 0 | References: 3

NVD
added 2018/03/14 7:29 p.m., 18 views

CVE-2018-2402

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, see SAP Note 2362820 for more information about capture & replay, user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorization...

8.4 CVSS | 7.8 AI score | 0.01577 EPSS
Exploits: 0 | References: 3

Cvelist
added 2018/03/14 7:0 p.m., 18 views

CVE-2018-2402

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, see SAP Note 2362820 for more information about capture & replay, user credentials may be stored in clear text in the indexserver trace files of the control system. An attacker with the required authorization...

7.6 CVSS | 8.3 AI score | 0.01577 EPSS
Exploits: 0 | References: 3

CVE
added 2018/03/14 7:0 p.m., 54 views

CVE-2018-2402

SAP HANA vulnerability CVE-2018-2402 affects the optional capture & replay feature in SAP HANA versions 1.00 and 2.00. The root cause is that user credentials can be stored in plaintext in the control system’s indexserver trace files, enabling an attacker with required authorizations on the contr...

8.4 CVSS | 8.2 AI score | 0.01577 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2018/03/14 12:0 a.m., 20 views

CVE-2018-5142

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for...

5.3 CVSS | 6.7 AI score | 0.01213 EPSS
Exploits: 0 | References: 3

OSV
added 2018/03/14 12:0 a.m., 1 views

UBUNTU-CVE-2018-5142

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for...

5.3 CVSS | 6.7 AI score | 0.01213 EPSS
Exploits: 0 | References: 4

Mozilla
added 2018/03/13 12:0 a.m., 538 views

Security vulnerabilities fixed in Firefox 59 — Mozilla

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially...

9.8 CVSS | 0.3 AI score | 0.08024 EPSS
Exploits: 2 | References: 19 | Affected Software: 1

n0where
added 2018/02/23 8:8 a.m., 1522 views

Oracle Database Attacking Tool: ODAT

ODAT Oracle Database Attacking Tool is an open source penetration testing tool that tests the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a...

7.5 CVSS | 0.5 AI score | 0.77633 EPSS
Exploits: 7 | References: 3

Kitploit
added 2018/02/22 8:4 p.m., 32 views

Mitm6 - Pwning IPv4 Via IPv6

Mitm6 is a pentesting tool that exploits the default configuration of Windows to take over the default DNS server. It does this by replying to DHCPv6 messages, providing victims with a link-local IPv6 address and setting the attackers host as default DNS server. As DNS server, mitm6 will...

7.1 AI score
Exploits: 0 | References: 3

Citrix
added 2018/02/21 12:0 a.m., 8 views

HDX Insight Data Not Captured by NetScaler MAS

Citrix ADM, formerly NetScaler MAS HDX Insight data not captured by NetScaler MAS...

7.1 AI score
Exploits: 0

Citrix
added 2018/02/21 12:0 a.m., 9 views

NetScaler MAS Analytics Insight is Working But Some User Sessions or Data is Not Captured

NetScaler MAS Analytics Insight is working but some user sessions or data is not captured...

7.1 AI score
Exploits: 0

0day.today
added 2018/02/20 12:0 a.m., 65 views

Microsoft Windows - Constrained Impersonation Capability Privilege Escalation Exploit

Exploit for windows platform in category local exploits Windows: Constrained Impersonation Capability EoP Platform: Windows 10 1703/1709 not tested earlier versions Class: Elevation of Privilege Summary: It’s possible to use the constrained impersonation capability added in Windows 10 to...

7 AI score | 0.02344 EPSS
Exploits: 3

Kitploit
added 2018/02/18 1:22 p.m., 15 views

PcapXray - A Network Forensics Tool To visualize a Packet Capture offline as a Network Diagram

PcapXray is a Network Forensics Tool To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction. PcapXray Design Specification Goal: Given a Pcap File, plot a network diagram displaying hosts in the network,...

6.6 AI score
Exploits: 0 | References: 1