27 matches found
PT-2023-4366 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in the Windows Kernel, which is associated with insufficient access control. This vulnerability can be exploited by an attack...
New Research Paper: Pre-hijacking Attacks on Web User Accounts
In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release the results of the first of these projects. This research, led by independent security researche...
Unpatched Apple Zero-Day Allows Code Execution
A zero-day security vulnerability in Apple’s macOS Finder system could allow remote attackers to trick users into running arbitrary commands, according to researchers – and a silent patch hasn’t fixed it. For those not in the Apple camp, the macOS Finder is the default file manager and GUI...
Babuk Ransomware Builder Mysteriously Appears in VirusTotal
The Babuk ransomware gang’s source code has been uploaded to VirusTotal, making it available to all security vendors and competitors. It’s unclear however just how that happened. According to a Wednesday posting from Malwarebytes, the operators of the ransomware – perhaps best-known for hitting t...
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version with malicious content to bypass the encryption and withdraw cash. Advisory status: 07.2018 - Vendor notification date Credits: The vulnerability was discovered by Vladimir Kononovic...
Linux Kernel - 'AF_PACKET' Use-After-Free (1)
/ Source: https://blogs.securiteam.com/index.php/archives/3484 Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AFPACKET that can lead to privilege escalation. AFPACKET sockets “allow users to send or receive packets...
PotPlayer 1.7.x - Stack Buffer Overflow Vulnerability
Document Title: =============== PotPlayer 1.7.x - Stack Buffer Overflow Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2090 Video: https://www.youtube.com/watch?v=CZNVyll5n-k Release Date: ============= 2017-08-19 Vulnerability Laboratory ID VL-ID:...
Spotify - CSRF & Privilege Escalation Vulnerability
Document Title: =============== Spotify - CSRF & Privilege Escalation Vulnerability References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1691 Video: https://www.youtube.com/watch?v=4axUu5xUtjM Guest Article:...
Security researchers have found that Instagram vulnerability by the FaceBook executives, the threat-vulnerability warning-the black bar safety net
! An independent security researcher claimed that he had discovered Instagram in a series of security vulnerabilities and configuration flaws, by using these loopholes, he managed to get access stored on the Instagram servers sensitive data on the permissions; in him, to the relevant vendor...
T Mobile Internet Manager - DLL Hijacking (mfc71enudll)
Document Title: =============== T Mobile Internet Manager - DLL Hijacking mfc71enudll References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1434 Video: https://www.youtube.com/watch?v=C3PjVOxWvvw Advisory: http://www.vulnerability-lab.com/getcontent.php?id=1427 Release Date:...
Lazarus Guestbook 1.22 - Multiple Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Lazarus Guestbook 1.22 Multiple Persistent Cross-Site Scripting - Sql Injection Vulnerability Date: 23/12/2014 Url Vendor:...
GQ File Manager 0.2.5 - Multiple Vulnerabilities
GQ File Manager 0.2.5 - Multiple Vulnerabilities -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: GQ File Manager - Sql Injection - Cross Site Scripting Vulnerability's Date: 19/12/2014 Url Vendor...
GQ File Manager 0.2.5 - Multiple Vulnerabilities
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: GQ File Manager - Sql Injection - Cross Site Scripting Vulnerability's Date: 19/12/2014 Url Vendor: http://installatron.com/phpfilemanager Vendor...
ComSndFTP Server 1.3.7 Beta Remote Format String Overflow
No description provided by source. Title: ComSndFTP Server Remote Format String Overflow Vulnerability Software : ComSndFTP FTP Server Software Version : ComSndFTP 1.3.7 Beta Vendor: http://ftp.comsnd.com/ Vulnerability Published : 2012-06-07 Vulnerability Update Time : Status : Impact :...
Personal File Share HTTP Server Remote Overflow Vulnerability
Title: Personal File Share HTTP Server Remote Overflow Vulnerability Software : Personal File Share HTTP Server Software Version : UNKNOWN Vendor: http://www.srplab.com/ Vulnerability Published : 2013-04-28 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 5.0,...
Joomla JEvents 1.5.0 SQL Injection
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Author: Ur0b0r0x Tiwtte: @Ur0b0r0x Email: [email protected] Line: GreyHat Home: ur0b0r0x.blogspot.com Exploit Title: Joomla Component - JEvents 1.5.0 Sql Injectio...
Joomla LiveChat 2.0 XSS / SQL Injection
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Author: Ur0b0r0x Tiwtte: @Ur0b0r0x Email: [email protected] Line: GreyHat Home: ur0b0r0x.blogspot.com Exploit Title: Joomla Component - LiveChat 2.0 Multilpes...
Espacio Ecuador Cross Site Scripting / SQL Injection
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Author: Ur0b0r0x Tiwtte: @Ur0b0r0x Facboo: fb.com/omartaurus Email: [email protected] Line: GreyHat Home: http://cyberpunk-ur0x.blogspot.com/ Exploit Title: Espac...
LastClick Cross Site Scripting / SQL Injection
| | | | \ / | \ / | \ / \ \ / / | | | | | | | | | | | | | | | | | | \ V / | | | | /| | | | http://site.com/.vernota.php?id= Exploit/Comand/Sql= +union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26--+ Exploit/Comand/Xss= " Payload/Comand/Sql= tableschema=0x73616C61646...
brisbaneHosting - SQL Injection Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x...