3942 matches found

Prion
added 2018/03/11 5:29 a.m., 15 views

Code injection

The Password Manager Extension in Abine Blur 7.8.242 before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured...

CVSS 5, AI score 9.1, EPSS 0.01663
Exploits 0, References 4, Affected Software 1

Cvelist
added 2018/03/11 5:0 a.m., 14 views

CVE-2018-7213

The Password Manager Extension in Abine Blur 7.8.242 before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured...

AI score 9.3, EPSS 0.01663
Exploits 0, References 4

Prion
added 2018/02/01 5:29 p.m., 11 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks...

CVSS 6.8, AI score 7.8, EPSS 0.00951
Exploits 0, References 4, Affected Software 1

NVD
added 2018/02/01 5:29 p.m., 11 views

CVE-2014-9502

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks...

CVSS 8.8, AI score 9.1, EPSS 0.00951
Exploits 0, References 4

Cvelist
added 2018/02/01 5:0 p.m., 22 views

CVE-2014-9502

Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks...

AI score 9.1, EPSS 0.00951
Exploits 0, References 4

CNVD
added 2018/01/30 12:0 a.m., 2 views

IBM Cognos Analytics Security Bypass Vulnerability

IBM Cognos Analytics (formerly known as Cognos BI) is a suite of business intelligence software from the American company IBM. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing key factors and key stakeholders. A security...

CVSS 4, AI score 6.4, EPSS 0.00471
Exploits 0, References 1

Hewlett-Packard
added 2018/01/18 12:0 a.m., 37 views

HPSBHF03576 rev. 3 - Intel AMT MEBx Bypass

Potential Security Impact: Elevation of Privilege/Information Disclosure. Reported by: F-Secure, Google. Vulnerability Summary: Un-provisioned Intel® vPro™ platforms containing Intel® Active Management Technology (Intel® AMT) are vulnerable to unauthorized local provisioning via physical access. The...

AI score 1.3
Exploits 0

CNVD
added 2018/01/10 12:0 a.m., 3 views

Cobham Sea Tel Security Bypass Vulnerability

Cobham Sea Tel is a suite of wireless communication terminals from Cobham UK. A security bypass vulnerability exists in Cobham Sea Tel version 121 build 222701. A remote attacker can bypass authentication by sending a direct request to the MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html,...

CVSS 9.8, AI score 7.2, EPSS 0.02585
Exploits 1, References 1

Exploit DB
added 2018/01/10 12:0 a.m., 30 views

WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation

Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/admin-menu-tree-page-view Version: 2.6.9...

AI score 7.4
Exploits 0

OSV
added 2018/01/08 3:29 a.m., 3 views

CVE-2018-5267

Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html...

CVSS 9.8, AI score 5.8, EPSS 0.02585
Exploits 1, References 1

Packet Storm
added 2018/01/08 12:0 a.m., 28 views

WordPress Admin Menu Tree Page View 2.6.9 CSRF / Privilege Escalation

Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/admin-menu-tree-page-view Version: 2.6.9...

AI score 7.1
Exploits 0

Openbugbounty
added 2017/12/27 11:37 a.m., 8 views

creditcardmenu.com XSS vulnerability

Open Bug Bounty ID: OBB-461679

Description | Value
---|---
Affected Website: | creditcardmenu.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Chea...

AI score 6.4
Exploits 0

0day.today
added 2017/12/27 12:0 a.m., 34 views

Sony Playstation 4 4.05 FW - Local Kernel Exploit

Exploit for bsd platform in category local exploits PS4 4.05 Kernel Exploit --- Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level...

AI score 6.8
Exploits 0

Hacker One
added 2017/12/25 1:27 p.m., 21 views

Zomato: [www.zomato.com] Privilege Escalation - /php/restaurant_menus_handler.php

Introduction: In the following ██████████ the endpoint /php/restaurant_menus_handler.php was found. This endpoint is meant solely to be accessible for admins, however due to insufficient protections normal users can access this endpoint too. This results in any Zomato user being able to edit and...

Exploits 0

Kitploit
added 2017/12/06 1:12 p.m., 16 views

Dr0p1t-Framework 1.3.2.1 - A Framework That Creates An Advanced FUD Dropper With Some Tricks

Have you ever heard about trojan droppers? In short, a dropper is a type of malware that downloads other malware, and Dr0p1t gives you the chance to create a stealthy dropper that bypasses most AVs and has a lot of tricks. Features + Generated executable properties: The executable size is smaller...

AI score 7.3
Exploits 0, References 3

Exploit DB
added 2017/12/04 12:0 a.m., 32 views

TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change

TeamViewer Permissions Hook V1 --- A proof of concept injectable C++ DLL, that uses naked inline hooking and direct memory modification to change TeamViewer permissions. Features As the Server - Enables extra menu item options on the right side pop-up menu. Most useful so far to enable the "switc...

AI score 7.4
Exploits 0

Zero Day Initiative
added 2017/11/20 12:0 a.m., 58 views

Microsoft Windows win32k Menu Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

CVSS 7.2, AI score 3.1, EPSS 0.06462
Exploits 0, References 1

Tenable Nessus
added 2017/11/20 12:0 a.m., 35 views

Fedora 26 : qt5-qtwebengine (2017-9a7e562fca)

An update of QtWebEngine to the security and bugfix release 5.9.2, including : Chromium Snapshot : - Security fixes from Chromium up to version 61.0.3163.79 Including: CVE-2017-5092, CVE-2017-5093, CVE-2017-5095, CVE-2017-5097, CVE-2017-5099, CVE-2017-5102, CVE-2017-5103, CVE-2017-5107,...

CVSS 8.8, AI score 7, EPSS 0.05074
Exploits 0, References 13

wpexploit
added 2017/11/10 12:0 a.m., 23 views

UserPro <= 4.9.17 - Authentication Bypass

The userpro plugin has the ability to bypass login authentication for the user 'admin'. If the site does not use the standard username 'admin' it is not affected. 1 - Google Dork inurl:/plugins/userpro 2 - Browse to a site that has the userpro plugin installed. 3 - Append ?upautolog=true to the...

CVSS 7.5, AI score 9.4, EPSS 0.27369
Exploits 3, References 2

OSV
added 2017/10/31 7:29 p.m., 2 views

CVE-2017-10948

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8, AI score 6.1, EPSS 0.03162
Exploits 0, References 3