Lucene search

625 matches found

0day.today
added 2017/10/18 12:0 a.m., 91 views

Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass Exploit

Exploit for Windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S (thought should be anything with UMCI) Class: Security Feature Bypass Summary: The enlightened lockdown policy chec...

7.2 CVSS, 8.3 AI score, 0.02556 EPSS
Exploits: 3
Exploit DB
added 2017/10/17 12:0 a.m., 49 views

Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1328 Windows: WLDP/MSHTML CLSID UMCI Bypass Platform: Windows 10 S (thought should be anything with UMCI) Class: Security Feature Bypass Summary: The enlightened lockdown policy check for COM Class instantiation can be bypassed in...

7.4 AI score
Exploits: 0
0day.today
added 2017/09/29 12:0 a.m., 34 views

Mac OS X Local Javascript Quarantine Bypass youtube Vulnerability

Exploit for macOS platform in category local exploits Details Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions. Basically, Apple's Quarantine works by setting an extended attribute to downloaded...

6.8 AI score
Exploits: 0
Cvelist
added 2017/08/25 7:0 p.m., 13 views

CVE-2017-12707

A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow...

9.3 AI score, 0.02612 EPSS
Exploits: 0, References: 2
CNVD
added 2017/08/22 12:0 a.m., 1 views

Cacti cross-site scripting vulnerability (CNVD-2017-26580)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool collects data with snmpget, draws graphs with RRDtool for analysis, and provides data and user management features. A cross-site scripting vulnerability exists in the lib/html.php fil...

5.4 CVSS, 5.7 AI score, 0.00789 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2017/07/31 1:29 p.m., 16 views

CVE-2017-11114

The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file...

5.5 CVSS, 6.1 AI score, 0.00892 EPSS
Exploits: 0, References: 2
NVD
added 2017/07/31 1:29 p.m., 7 views

CVE-2017-11114

The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file...

5.5 CVSS, 5.2 AI score, 0.00892 EPSS
Exploits: 0, References: 1
OSV
added 2017/07/31 1:29 p.m., 3 views

CVE-2017-11114

The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file...

5.5 CVSS, 5.2 AI score
Exploits: 0, References: 1
Cvelist
added 2017/07/31 1:0 p.m., 20 views

CVE-2017-11114

The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file...

5.1 AI score, 0.00892 EPSS
Exploits: 0, References: 1
Debian CVE
added 2017/07/31 1:0 p.m., 14 views

CVE-2017-11114

The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file...

5.5 CVSS, 5.2 AI score, 0.00892 EPSS
Exploits: 0
FreeBSD
added 2017/07/31 12:0 a.m., 13 views

links -- denial of service

NIST reports: The putchars function in htmlr.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file...

5.5 CVSS, 4.4 AI score, 0.00892 EPSS
Exploits: 0, References: 1
Prion
added 2017/07/19 1:29 p.m., 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket...

3.5 CVSS, 5.7 AI score, 0.00637 EPSS
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2017/07/19 1:29 p.m., 21 views

CVE-2016-7509

Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket...

5.4 CVSS, 5.6 AI score, 0.00637 EPSS
Exploits: 0, References: 1
Check Point Advisories
added 2017/06/13 12:0 a.m., 16 views

Microsoft Browser Information Disclosure (CVE-2017-8529)

An information disclosure vulnerability exists in Microsoft Edge and Internet Explorer. The vulnerability is due to Microsoft Edge improperly handling objects in memory. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted html file...

4.3 CVSS, 1.7 AI score, 0.14265 EPSS
Exploits: 0
Prion
added 2017/05/28 8:29 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...

3.5 CVSS, 5.6 AI score, 0.0068 EPSS
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2017/05/28 8:29 p.m., 14 views

CVE-2017-9249

Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...

5.4 CVSS, 5.1 AI score, 0.0068 EPSS
Exploits: 1, References: 2
Cvelist
added 2017/05/28 8:0 p.m., 26 views

CVE-2017-9249

Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be specified in the PATHINFO to readfile.php...

5.1 AI score, 0.0068 EPSS
Exploits: 1, References: 2
seebug.org
added 2017/05/16 12:0 a.m., 89 views

Microsoft Malware Protection Engine RCE (CVE-2017-0290)

Natalie Silvanovich and Tavis Ormandy of Google Project Zero found a pretty nasty bug in Microsoft Malware Protection Engine, allowing an attacker to execute arbitrary code as LocalSystem on any Windows computer running any Microsoft anti-malware product such as Security Essentials or Windows...

9.3 CVSS, 8.2 AI score, 0.77207 EPSS
Exploits: 5
Packet Storm
added 2017/05/10 12:0 a.m., 67 views

Microsoft OneDrive iOS App 8.13 Insecure URI Scheme Handling

A short demo video is available here: https://youtu.be/0jZdM9peVSk SEC Consult Vulnerability Lab Security Advisory. title: Insecure Handling Of URI Schemes; product: Microsoft OneDrive iOS App; vulnerable version: 8.13; fixed...

7.4 AI score
Exploits: 0
Check Point Advisories
added 2017/03/14 12:0 a.m., 2 views

Microsoft Internet Explorer Memory Corruption (MS17-006: CVE-2017-0130)

A type confusion vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted HTML file...

7.6 CVSS, 7.2 AI score, 0.23267 EPSS
Exploits: 0