5327 matches found
iSelect 1.4 Local Buffer Overflow
Exploit developed using Exploit Pack v7.01 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: iSelect Affected value: -k, --key=KEY Version: 1.4.0-2+b1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program description:...
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) Exploit
Exploit for windows platform in category local exploits // Source: https://github.com/sensepost/ms16-098/tree/b85b8dfdd20a50fc7bc6c40337b8de99d6c4db80 // Binary: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/41020.exe include include include include include...
GitHub Enterprise SQL injection vulnerability
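Author: Orange. Preface: GitHub Enterprise is an application produced by GitHub.com that lets you host the entire GitHub service inside your own corporate intranet. If you are interested, you can download images in several formats from enterprise.github.com and obtain a 45-day trial license from the web page! Once installation is complete, you should see the following screen: Good! Now we have the entire GitHub environment, and it is inside a VM, which means we have almost complete control to study it further, analyzing the environment, the code, the architecture and so on... Environment: As a hacker, the first thing to do before breaking in is of course port scanning! After scanning with Nmap, we found that on the VM...
CVE-2016-10033: PHPMailer remote code execution vulnerability analysis
PHP is an open source scripting language that is embedded in HTML for Web development. It has 9 million users, and is used by many popular tools such as WordPress, Drupal, Joomla!, etc. This Monday a high-risk security update to solve the PHPMailer remote code execution vulnerability...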
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Microsoft Windows 8.1 x64 - RGNOBJ Integer Overflow MS16-098 // Source: https://github.com/sensepost/ms16-098/tree/b85b8dfdd20a50fc7bc6c40337b8de99d6c4db80 // Binary: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41020.exe include include include include inclu...
Android Security Bulletin—January 2017
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air (OTA) update. The Google device firmware images have also been released to the Google Developer...
Blue Shield Web Page Tamper Protection System Has Arbitrary Source Code File Download Vulnerability
BlueShield Web Tamper Protection System is a web page tampering prevention product. BlueShield Web Tamper Protection System has an arbitrary source code file download vulnerability. If the php is followed by %20, %2e or ::$DATA, php files may be downloaded, allowing attackers to obtain the source...
Gratipay: User Enumeration
Dear Gratipay Team, there is a Username Disclosure of a user in your web application's Source Code. For further detail I have enclosed the screenshot of the vulnerability. Please find the attachment!! Preventive Measure: hide username from source code. Encrypt the username...
Nextcloud: Reflected XSS in U2F plugin by shipping the example endpoints
While running a RIPS scan against our instrumentalized source code it noticed that the file /apps/twofactoru2f/vendor/yubico/u2flib-server/examples/localstorage/index.php echoes on user input: F145451 I was first a tad confused because the examples have been removed from our Git repository, but t...
unsorted bin attack analysis
1. Foreword. This is a follow-up to the earlier article on overflow using the FILE structure. As mentioned earlier, these articles are written about the techniques for pwn450 from the Shanghai network security contest, a total of two techniques: one is overflow using the FILE structure, one is...
Edge SkateShop Blind SQL Injection
Exploit Title: Edge SkateShop Blind Sql Injection Date: 12/12/2016 Exploit Author: Andrea Bocchetti Vendor HomePage: http://www.sourcecodester.com/php/10964/basic-shopping-cartphpmysql.html Software Link: http://www.sourcecodester.com/sites/default/files/download/gebbz/edgesketch.zip Version : n/...
FreeBSD-SA-16:36.telnetd
FreeBSD-SA-16:36.telnetd Security Advisory The FreeBSD Project Topic: Possible login(1) argument injection in telnetd(8) Category: core Module: telnetd Announced: 2016-12-06...
FreeBSD-SA-16:37.libc
FreeBSD-SA-16:37.libc Security Advisory The FreeBSD Project Topic: link_ntoa(3) buffer overflow Category: core Module: libc Announced: 2016-12-06, revised on 2016-12-08...
Edge SkateShop - Authentication bypass
Edge SkateShop - Authentication bypass Exploit Title: Edge SkateShop Authentication Bypass Date: 6/12/2016 Exploit Author: Delilah Vendor HomePage: http://www.sourcecodester.com/php/10964/basic-shopping-cartphpmysql.html Software Link:...
New Large-Scale DDoS Attacks Follow Schedule
A powerful new botnet is being blamed for massive and sustained DDoS attacks that security researchers at CloudFlare compare to Mirai when it comes to intensity and scope. The attacks began Nov. 23 and ran for eight hours daily, similar to an average workday. The consistent attacks occurred for...
ShellcodeCompiler - Shellcode C/C++ Compiler for Windows
Shellcode Compiler is a program that compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows. It is possible to call any Windows API function in a user-friendly way. Shellcode Compiler takes as input a source file and it uses its own compiler to interpret...
Mail.ru: [element.mail.ru] /.svn/entries
The site's web directory contains a Subversion folder. In theory this discloses the source code, but in this case files with the .php.svn-base extension are also executed by the web server. Example: https://element.mail.ru/.svn/entries 10 dir 14...
SonicWALL Global Management System File Disclosure
File disclosure vulnerability in SonicWALL Global Management System GMC service Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Chrome: improper use of the Flash message loop leads to a UXSS vulnerability (CVE-2016-1631)
Author: Avfisher@network sharp knife 0x00 Preface This article came about because a few days ago a friend sent me a bug link and asked me to help explain the principle of the vulnerability; I wrote it to help that friend understand and to leave notes for future reference. This...
PHP 'ext/phar/phar_object.c' heap overflow vulnerability (CVE-2016-4342)
When parsing .tar/.zip/.phar files, the stack boundary condition is not strictly controlled, leading to a possible heap overflow. Create a new empty file "aaaa" (0 bytes) and package it into an "aaaa.tar" file; the uncompressed size of the aaaa file is 0. By PharFileInfo object getContent method to get the aaaa...