3632 matches found
CVE-2019-3922
The CVE-2019-3922 entry involves the Alcatel Lucent I-240W-Q GPON ONT with firmware 3FE54567BOZJ19, vulnerable to a stack buffer overflow triggered by a crafted HTTP POST to /GponForm/fsetup_Form. The vulnerability is exploitable remotely and unauthenticated, potentially allowing arbitrary code e...
CVE-2019-3921
The Alcatel Lucent I-240W-Q GPON ONT using firmware version 3FE54567BOZJ19 is vulnerable to a stack buffer overflow via crafted HTTP POST request sent by a remote, authenticated attacker to /GponForm/usbForm?script/. An attacker can leverage this vulnerability to potentially execute arbitrary cod...
CVE-2019-0604
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-0594. Recent assessments: zeroSteiner at March 20,...
Bolt CMS 3.6.4 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Bolt CMS - 3.6.4 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bolt CMS - v 3.6.4 Version : v 3.6.4 Vulernability Type : Cross-si...
Bolt CMS 3.6.4 - Cross-Site Scripting
Bolt CMS 3.6.4 - Cross-Site Scripting Exploit Title: Bolt CMS - 3.6.4 - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bolt CMS - v 3.6.4 Version : v 3.6.4 Vulernability Type :...
Bold CMS 3.6.4 Cross Site Scripting
Exploit Title: Bold CMS - 3.6.4 - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bold CMS - v 3.6.4 Version : v 3.6.4 Vulernability Type : Cross-site Scripting Vulenrability : Stored X...
Craft CMS 3.1.12 Pro - Cross-Site Scripting
Craft CMS 3.1.12 Pro - Cross-Site Scripting Exploit Title: Craft CMS 3.1.12 Pro - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://craftcms.com/ Software Link : https://github.com/craftcms/cms Software : Craft CMS 3.1.12 Pro Version : 3.1.12 Pro...
Craft CMS 3.1.12 Pro - Cross-Site Scripting
Exploit Title: Craft CMS 3.1.12 Pro - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://craftcms.com/ Software Link : https://github.com/craftcms/cms Software : Craft CMS 3.1.12 Pro Version : 3.1.12 Pro Vulernability Type : Cross-site Scripting...
Bolt CMS 3.6.4 - Cross-Site Scripting
Exploit Title: Bolt CMS - 3.6.4 - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bolt CMS - v 3.6.4 Version : v 3.6.4 Vulernability Type : Cross-site Scripting Vulenrability : Stored X...
SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting Vulnerability
Exploit for windows platform in category web applications Issue: Reflected Cross-Site Scripting CVE: CVE-2018-19934 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: Serv-U 15.1.6...
SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting
Issue: Reflected Cross-Site Scripting CVE: CVE-2018-19934 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: Serv-U 15.1.6 hotfix 3 Overview The Serv-U FTP Server is vulnerable to a...
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 and later Fixed Versions: since 1.4.2.20...
CVE-2019-1652
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...
CVE-2019-1652
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper...
Denial Of Service (DoS)
php is vulnerable to denial of service. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extensio...
doitX 1.0 - 'search' SQL Injection
Exploit Title: doitX 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://mybizcms.com/ Software Link: https://codecanyon.net/item/doitx/23041037 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
Vidar and GandCrab: stealer and ransomware combo observed in the wild
We have been tracking a prolific malvertising campaign for several weeks and captured a variety of payloads, including several stealers. One that we initially identified as Arkei turned out to be Vidar, a new piece of malware recently analyzed in detail by Fumik0 in his post: Let’s dig into Vidar...
Buffer overflow
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued...
CVE-2018-19862
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued...
CVE-2018-19862
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued...