Command Execution Vulnerability in Notepad++ 7.6.3

Notepad++ is a free plain text editor. A command execution vulnerability exists in Notepad++ 7.6.3, which can be exploited by an attacker to gain count server privileges...

Researcher Exploits Microsoft's Notepad to 'Pop a Shell'

A memory corruption bug in the Microsoft’s Windows Notepad application can be used to open remote shell access – typically a first step for attackers infiltrating a system. The bug was found by Tavis Ormandy, a bug hunter with Google’s Project Zero team. In a tweet he indicated that the bug was...

Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage...

With Yahoo and Paypal is related to two distinct vulnerabilities-vulnerability warning-the black bar safety net

! This article share with Yahoo and Paypal is related to two unique vulnerability, one for Yahoo IDOR vulnerability insecure direct object references, another for Paypal, DoS vulnerabilities, two vulnerabilities found are for the Indian security engineers, which found that principles and ideas ar...

Notepad++: A stack buffer overflow in BabyGrid.cpp can lead to program crashes via a malicious localization file

Summary: A stack buffer overflow in BabyGrid.cpp can lead to program crashes via a malicious localization file, when opening the Shortcut Mapper sub-menu Description: Setting a very long name attribute for specific xml tags in the nativeLang.xml will trigger a stack buffer overflow, due to missin...

Notepad++: Crash

1 Settings - Preferences - Print 2 insert to "Left part" field of "Header" block A500 Full string for paste consist in poc.txt 3 Click "Add" 4 Crash Crash info: 1c8.2dd8: Unknown exception - code c000041d !!! second chance !!! ERROR: Module load completed but symbols could not be loaded for npp.e...

Notepad++: No SearchEngine sanatizing can lead to command injection

Information: Summary: Notepad++ is vulnerable to a command injection vulnerability. Debug Info: Notepad++ v7.6.3 32-bit Build time : Jan 27 2019 - 17:20:30 Path : C:\Program Files x86\Notepad++\notepad++.exe Admin mode : ON Local Conf mode : OFF OS : Windows 10 64-bit Plugins : none Description:...

Notepad++: Insufficient sanitizing can lead to arbitrary commands execution

Information: Summary: Notepad++ is vulnerable to a command injection attack. Debug Info: Notepad++ v7.6.3 32-bit Build time : Jan 27 2019 - 17:20:30 Path : C:\Program Files x86\Notepad++\notepad++.exe Admin mode : ON Local Conf mode : OFF OS : Windows 10 64-bit Plugins : none Description: Let's...

Notepad++: Security check failure or stack buffer overrun (crash)

poc.py 1 Run poc.py 2 Open notepad++.exe 3 Go to "Define language..." 4 Use tab "Comment and Number" 5 Open 1stfield.txt and copy content to clipboard 6 Paste clipboard on "Comment line style in field Open" 7 Open 2ndfield.txt and copy content to clipboard 8 Paste clipboard on "Comment line style...

Notepad++: Stack overflow affecting "ext" field on stylers.xml configuration file

Summary: A stack buffer overflow vulnerability affects "ext" field into "stylers.xml" configuration file. "isInList" function doesn't check boundaries on word64 array. Description: Vulnerability src file: notepad-plus-plus/PowerEditor/src/MISC/Common/Common.cpp Vulnerability line: line 329 Variab...

Notepad++: Stack overflow in XML Parsing

Summary: A stack buffer overflow vulnerability has been detected in XML parsing functionality on Notepad++. That's due to the fact that invisibleEditView.getText function doesn't check buffer boundaries. Description: Vulnerability src file: notepad-plus-plus/PowerEditor/src/Notepadplus.cpp...

Zenmap (Nmap) 7.70 Denial Of Service

Exploit Title: Nmap 7.70 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-10 Software Link: https://nmap.org/dist/nmap-7.70-setup.exe Tested Version: 7.70 ZenMap Tested on OS: Windows 7 32bit Description: This vunerability causes the program to crash and start to...

notepad-plus-plus.org XSS vulnerability

Open Bug Bounty ID: OBB-633166 Description| Value ---|--- Affected Website:| notepad-plus-plus.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Oracle PeopleSoft Products PeopleSoft Enterprise HCM Shared Components Component Unauthorized Operation Vulnerability

Oracle PeopleSoft is an enterprise human capital management solution from Oracle that provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise HCM Shared Components is one of the Human Capital Management HCM shared components. PeopleSof...

Notepad++ Portable Detection (Windows SMB Login)

SMB login and WMI file search based detection of Notepad++ Portable. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-2878

Vulnerability in the PeopleSoft Enterprise HCM Shared Components component of Oracle PeopleSoft Products subcomponent: Notepad. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...

CVE-2018-2878

CVE-2018-2878 affects Oracle PeopleSoft Enterprise HCM Shared Components, Notepad subcomponent, in PeopleSoft 9.2. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the HCM Shared Components, with successful attacks enabling unauthorized update/insert...

Jupyter Notebook JavaScript Malicious Fake File Vulnerability

Jupyter Notebook is a suite of open source web applications for creating and sharing code and illustrative text documents. A security vulnerability exists in Jupyter Notebook versions prior to 5.4.1. An attacker can exploit this vulnerability to execute JavaScript code in a notepad context with t...

iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service Exploit

Exploit for iOS platform in category dos / poc Exploit Title: TpwnT - iOS Denail of Service POC Date: 10-31-2017 Exploit Author: Russian Otter Ro Vendor Homepage: https://support.apple.com/en-us/HT208222 Version: 2.1 Tested on: iOS 10.3.2 - 11.1 CVE: CVE-2017-13849 """ -------------------------...

iOS &lt; 11.1 / tvOS &lt; 11.1 / watchOS &lt; 4.1 - Denial of Service

Exploit Title: TpwnT - iOS Denail of Service POC Date: 10-31-2017 Exploit Author: Russian Otter Ro Vendor Homepage: https://support.apple.com/en-us/HT208222 Version: 2.1 Tested on: iOS 10.3.2 - 11.1 CVE: CVE-2017-13849 """ ------------------------- CVE-2017-13849 TpwnT by Ro of SavSec...