Apple macOS Sierra IOAcceleratorFamily Component Memory Corruption Vulnerability
Apple macOS Sierra is a specialized operating system developed by Apple for Mac computers. IOAcceleratorFamily is one of the IO acceleration management components. A security vulnerability exists in the IOAcceleratorFamily component in Apple macOS Sierra versions prior to 10.12.2. An attacker can...
WinAPI User Hunter: hunter
During Red Team engagements it is common to track/hunt specific users. Assume we already have access to a desktop as a normal user (no matter how; always “assume compromise” in a Windows Domain) and we want to spread laterally. We want to know where the user is logged on, if he...
Microsoft Internet Explorer 11 MSHTML - CGeneratedContent::HasGeneratedSVGMarker
Exploit for windows platform in category dos / poc window.onload = function () { document.getElementsByTagName("iframe")[0].src = "repro-iframe.html"; } Description Internally MSIE uses various lists of linked CTreePos objects to represent the DOM tree. For HTML/SVG elements a CTreeNode element is...
Kernel Address Space Layout Randomization Recovery Software
KASLRfinder is a small utility that can be used to find where in memory the Windows 10 kernel and its drivers are loaded – despite the addresses being randomized by Kernel Address Space Layout Randomization (KASLR). The utility can be run ...
Microsoft Internet Explorer 11 - MSHTML 'CGeneratedContent::HasGeneratedSVGMarker' Type Confusion
window.onload = function () { document.getElementsByTagName("iframe")[0].src = "repro-iframe.html"; } Description Internally MSIE uses various lists of linked CTreePos objects to represent the DOM tree. For HTML/SVG elements a CTreeNode element is created, which embeds two CTreePos instances: one tha...
CVE-2016-7214
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted...
HP ThinPro Local Elevation of Privilege Vulnerability
HP ThinPro is a thin client device from Hewlett-Packard (HP) in the United States. A security vulnerability exists in the Keyboard Layout Control Panel and Virtual Keyboard application on the HP ThinPro operating system. An attacker could exploit the vulnerability to locally gain unauthorized acces...
WordPress Page Layout Builder Plugin < 2.0.0 Reflected XSS Vulnerability - Active Check
The WordPress Page Layout Builder Plugin is prone to a reflected cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Bypassing ASLR in 60 Milliseconds
Address Space Layout Randomization was a champion hardening technology introduced in most major desktop and mobile operating systems as a mitigation against memory-based code-execution attacks. Bypassing ASLR, however, has become somewhat of a parlor game for attackers and white-hat researchers,...
Configuring Multi Language Keyboard Layout for the session in Receiver for HTML5 and Receiver for Chrome
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. This article describes how to configure Multi Language keyboard layout in Receiver for HTML5 and...
Published Windows Explorer does not retain icon size and layout settings with Profile Management enabled.
Under certain circumstances, users may find that some Windows Explorer settings are not retained after closing a published Windows Explorer session. These settings are saved in the registry under HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\Bags...
Foxit PDF Reader JBIG2 Parser Information Disclosure Vulnerability
Summary A large out of bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. Tested Versions Foxit Software Foxit Reader 8.0.2.805 Produc...
CVE-2016-3262
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync...
Wordpress page-layout-builder plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on a server that supports PHP and MySQL. page-layout-builder is one of its responsive page plugins. A cross-site scripting vulnerability exists in version...
Microsoft Internet Explorer Table Layout Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2016-1000141
Reflected XSS in wordpress plugin page-layout-builder v1.9.3...
Cross site scripting
Reflected XSS in wordpress plugin page-layout-builder v1.9.3...
CVE-2016-1000141
The WordPress Page Layout Builder Plugin (v1.9.3) contains a reflected cross-site scripting (XSS) vulnerability in the Page Layout Builder. The Nuclei/NVD data and WP vulnerability templates indicate the issue affects the plugin’s page-layout-builder component, with CVSS v3.0 base score 6.1 (vect...