Entrepreneur Job Portal Script 2.0.6 - 'jobsearch_all.php?rid1' SQL Injection

Exploit Title: Entrepreneur Job Portal Script 2.0.6 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/ Demo: http://freelancewebdesignerchennai.com/demo/job-portal/...

The Forrester Wave Ranks Imperva as a Leader for DDoS Mitigation Providers

Imperva has tracked the DDoS threat for some time now. Back in 2014 we saw the rise of DDoS botnets. In 2015, we revealed one of the first IoT-based DDoS attacks. Last year, we predicted and then documented one of the largest botnet-based DDoS attacks. DDoS mitigation, as it turns out, is the...

DEBIAN-CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2017-38465)

Mozilla Firefox is a popular WEB browser. An information disclosure vulnerability exists in Mozilla Firefox's handling of external SVG graphics, which can be exploited by a remote attacker to submit a special web page and trick the user into parsing it, which can crash the application and obtain...

CVE-2017-16612

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0...

CVE-2017-16612

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0...

Huawei Mate 9 Pro Memory Corruption Vulnerability

The Huawei Mate 9 Pro is a smartphone product from the Chinese company Huawei Huawei. The Huawei Mate 9 Pro suffers from a memory corruption vulnerability that can be successfully exploited by an attacker to crash the phone by tricking the user into installing a malicious mobile application that...

HikVision Wi-Fi IP Camera Wireless Access Point State Vulnerability

HikVision Wi-Fi IP cameras come with a default SSID "davinci", with a setting of no WiFi encryption or authentication. Depending on the firmware version, there is no configuration option within the camera to turn off Wi-Fi. If a camera is deployed via wired ethernet, then the WiFi settings won't ...

CVE-2017-16612

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0...

JBOSSAS 4.x Deserializer Vulnerability

Exploit for java platform in category web applications JBOSSAS 4.x Deserializer Vulnerability The MITRE CVE dictionary describes this issue as: https://access.redhat.com/security/cve/cve-2017-7504 HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is...

Diving Log 6.0 - XML External Entity Injection

Diving Log 6.0 - XML External Entity Injection + Exploit Title: Diving Log 6.0 XXE Injection + Date: 27-11-2017 + Exploit Author: Trent Gordon + Vendor Homepage: http://www.divinglog.de + Software Link: http://www.divinglog.de/english/download/ + Disclosed at: https://thenopsled.com/divinglog.txt...

CVE-2017-8120

The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges...

CVE-2017-15528

Prior to v 7.6, the Install Norton Security INS product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target...

CVE-2017-12190

The biomapuseriov and biounmapuser functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bioaddpcpage function merges them into one, but the page reference is never dropped. This...

CVE-2017-12190

The biomapuseriov and biounmapuser functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bioaddpcpage function merges them into one, but the page reference is never dropped. This...

JBOSSAS 5.x/6.x 反序列化命令执行漏洞（CVE-2017-12149）

CVE-2017-12149 It was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization. This allows an attacker to execute arbitrary code via crafted serialized data. Find out more about CVE-2017-12149 from the MITRE CV...

CVE-2017-5708

Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector...

Android Qualcomm Services elevation of privilege vulnerability

Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance OHA, of which Qualcomm Services is a component. Qualcomm Services is a Qualcomm Services component developed by Qualcom...

Android Qualcomm Networking Subsystem Elevation of Privilege Vulnerability

Android on Google Pixel and Nexus is a Linux-based open source operating system for the Google Pixel and Nexus smartphones developed by Google Inc. and the Open Handset Alliance OHA.Qualcomm Networking The Qualcomm Networking subsystem is a networking subsystem developed by Qualcomm Incorporated...

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...