
2160 matches found

Cvelist
added 2017/10/23 8:0 a.m., 17 views

CVE-2017-14331

Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell...

6.6 AI score, 0.00373 EPSS
Exploits: 0, References: 1

CVE
added 2017/10/23 8:0 a.m., 63 views

CVE-2017-14331

Summary (CVE-2017-14331): Extreme EXOS 16.x, 21.x and 22.x have a vulnerability where the “exsh restricted shell” protection can be bypassed, allowing an interactive shell. The affected software is Extreme EXOS; the root cause is bypassing the restricted-shell mechanism. The CVSS data (NVD) indic...

7.2 CVSS, 6.5 AI score, 0.00373 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2017/10/23 12:0 a.m., 4 views

Extreme EXOS Security Bypass Vulnerability

Extreme EXOS is a new generation modular switch operating system from Extreme Networks. A security bypass vulnerability exists in Extreme EXOS versions 16.x, 21.x, and 22.x. The vulnerability can be exploited to bypass the 'exsh restricted shell' protection mechanism and gain access to the...

7.2 CVSS, 6.7 AI score, 0.00373 EPSS
Exploits: 0, References: 1

Packet Storm
added 2017/10/18 12:0 a.m., 26 views

Career Portal 1.0 SQL Injection

Exploit Title: Career Portal v1.0 - SQL Injection Date: 2017-10-17 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Software Link: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Version: 1.0 Tested on...

7.1 AI score
Exploits: 0

0day.today
added 2017/10/18 12:0 a.m., 24 views

Career Portal 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Career Portal v1.0 - SQL Injection Date: 2017-10-17 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Software Link:...

Exploits: 0

Exploit DB
added 2017/10/17 12:0 a.m., 26 views

Career Portal 1.0 - SQL Injection

Exploit Title: Career Portal v1.0 - SQL Injection Date: 2017-10-17 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Software Link: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Version: 1.0 Tested on...

7.4 AI score
Exploits: 0

exploitpack
added 2017/10/17 12:0 a.m., 17 views

Career Portal 1.0 - SQL Injection

Career Portal 1.0 - SQL Injection Exploit Title: Career Portal v1.0 - SQL Injection Date: 2017-10-17 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Software Link:...

0.5 AI score
Exploits: 0

Kitploit
added 2017/10/09 1:21 p.m., 77 views

Blisqy - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB)

A slow data siphon for MySQL/MariaDB using bitwise operation on printable ASCII characters, via a blind-SQL injection. Usage USAGE: blisqy.py --server --port --header --hvalue --inject --payload --dig --sleeptime Options: -h, --help show this help message and exit --server=WEBSERVER Specify host...

8.6 AI score
Exploits: 0, References: 1

Kitploit
added 2017/09/27 9:12 p.m., 305 views

PowerShdll - Run PowerShell with rundll32 (Bypass software restrictions)

Run PowerShell with dlls only. Does not require access to powershell.exe as it uses powershell automation dlls. dll mode: Usage: rundll32 PowerShdll,main rundll32 PowerShdll,main -f Run the script passed as argument rundll32 PowerShdll,main -w Start an interactive console in a new window rundll32...

7.4 AI score
Exploits: 0, References: 1

Openbugbounty
added 2017/09/24 5:30 p.m., 15 views

syncinteractive.com XSS vulnerability

Vulnerable URL: https://www.syncinteractive.com/portfolio.php?categoryid=1%27%22%3E%3Csvg/onload=confirm/OPENBUGBOUNTY/%3E=77 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...

6.3 AI score
Exploits: 0

Gentoo Linux
added 2017/09/24 12:0 a.m., 108 views

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the referenced CVE identifiers for details. Impact A remote attacker coul...

9.8 CVSS, 9.2 AI score, 0.34848 EPSS
Exploits: 11

PyPA
added 2017/09/21 2:29 p.m., 5 views

PYSEC-2017-45

Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path...

6.1 CVSS, 6 AI score, 0.01626 EPSS
Exploits: 0, References: 7, Affected Software: 1

FireEye
added 2017/09/18 9:0 p.m., 21 views

rVMI: Perform Full System Analysis with Ease

Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...

7.1 AI score
Exploits: 0

CNVD
added 2017/09/01 12:0 a.m., 3 views

FFmpeg 'ivr_read_header()' function denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'ivr_read_header' function in the libavformat/rmdec.c file in FFmpeg version 3.3.3, which stems from the program's failure to adequately detect EOF End ...

7.1 CVSS, 7 AI score, 0.01726 EPSS
Exploits: 0, References: 1

CNVD
added 2017/08/31 12:0 a.m., 0 views

Shijiazhuang Times Interactive Technology Co., Ltd. website building system has SQL injection vulnerabilities

Times Interactive website builder is an enterprise website builder. Shijiazhuang Times Interactive Technology Co., Ltd. website builder system has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...

7.6 AI score
Exploits: 0

Kitploit
added 2017/08/09 11:12 p.m., 27 views

Plasma - An Interactive Disassembler for x86/ARM/MIPS

PLASMA is an interactive disassembler. It can generate a more readable assembly pseudo code with colored syntax. You can write scripts with the available Python API (see an example below). The project is still in big development. wiki : TODO list and some documentation. It supports : architectures ...

7.2 AI score
Exploits: 0, References: 8

Citrix
added 2017/08/01 12:0 a.m., 11 views

NetScaler SD-WAN QOS and Application Rules

Citrix SD-WAN, formerly NetScaler SD-WAN Table of Contents Introduction QOS Components Transmit Modes Queue Depth IP Rules Application QOS rules with release 9.3 Basic Rules Basic guidance on Rules. Other Settings that affect Applications. Appendix A: Default Rules Breakdown Introduction The...

6.6 AI score
Exploits: 0

CNVD
added 2017/07/29 12:0 a.m., 2 views

SQL injection vulnerability in news-details.php page of Interactive Creation website builder system

Interactive Creative Xiamen Digital Technology Co., Ltd. is a brand website construction company in Fujian Province, "Interactive Creative" is one of its independent brands. A SQL injection vulnerability exists in the news-details.php page of the Interactive Creative website builder system. An...

7.6 AI score
Exploits: 0, References: 1

CNVD
added 2017/07/29 12:0 a.m., 3 views

SQL injection vulnerability in class parameter of Interactive Creation website building system

Interactive Creative Xiamen Digital Technology Co., Ltd. is a brand website construction company in Fujian Province, "Interactive Creative" is one of its independent brands. A SQL injection vulnerability exists in the class parameter of Interactive Creative's website building system. An attacker...

7.6 AI score
Exploits: 0

OSV
added 2017/07/17 9:29 p.m., 3 views

CVE-2017-7947

NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line...

6.5 CVSS, 5.8 AI score, 0.01296 EPSS
Exploits: 0, References: 1