PT-2020-12131 · Chadha · Chadha Phpkb Standard Multi-Language

Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns how comments are handled in article.php, specifically through a vulnerable function in include/functions-article.php. This allows attackers to execute Stored Blind...

CVE-2020-7950

meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call...

Omron CX-Supervisor

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Omron Equipment: CX-Supervisor Vulnerability: Use of Obsolete Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure, total compromise of...

graphite.composer.views.send_email vulnerable to SSRF

Impact sendemail in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and the...

Hardcoded credentials

Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a...

Command injection

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request to test if email credentials and hostname sent to the device work...

Command injection

An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request to test if email credentials and hostname sent to the device work...

Input validation

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the "NewInMessage" SOAP parameter passed with a huge payload results in...

BoF-Challenge1

This is an easy challenge based on a Buffer Overflow, you have to reach the secretFunction in order to win. include include // Uncalled secret function // 00000000004005b6 void secretFunction printf"Congratulations!\n"; printf"You have entered in the secret function!\n"; return; // Vulnerable...

Valve: GoldSrc: Buffer Overflow in DELTA_ParseDelta function leads to RCE

Description The bug is triggered by 2 packets. First one is svcdeltadescription which describes memory layout of such structures as eventt, weapondatat, ... It is sent as a list of fields' descriptions: type, offset and others. Next, DELTAParseDelta fills these structures when corresponding delta...

WordPress Strong Testimonials 2.31.4 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Advisory Title: WordPress Strong Testimonials Plugin Multiple XSS Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Strong Testimonials plugin Language: PHP Version: 2.31.4 and below Vendor Status:...

WordPress Gwolle Guestbook 2.5.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Advisory Title: WordPress Gwolle Guestbook Plugin XSS Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Gwolle Guestbook plugin Language: PHP Version: 2.5.3 and below Vendor Status: Vendor...

NASA CFITSIO `ffghbn` and `ffghtb` Stack Overflow Code Execution Vulnerabilities

Summary Exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this...

Double free

The decompileIF function util/decompile.c in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file...

WordPress Ultimate Product Catalog 4.2.24 Plugin - PHP Object Injection Exploit

Exploit for php platform in category web applications Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage:...

Simple Slideshow Manager <= 2.3 – Multiple Vulnerabilities

The Simple Slideshow Manager WordPress plugin was affected by security vulnerability. 3.1 Cross-Site Scripting Vulnerable Function: echo Vulnerable Variable: $GET'name' Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admin.php?page=Acurax-Slideshow-AddImages&name="alert42 3.2 Cross-Site...

WordPress All In One Schema.org Rich Snippets 1.4.1 XSS

DefenseCode ThunderScan SAST Advisory WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability Advisory ID: DC-2017-01-002 Advisory Title: WordPress All In One Schema.org Rich Snippets Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Softwar...

CVE-2014-9845

CVE-2014-9845 : ImageMagick’s ReadDIBImage function (coders/dib.c) is vulnerable to a denial of service by processing a corrupted DIB file. The vulnerability exists in the ImageMagick code path that reads DIB images. The connected sources confirm the affected component and the crash outcome but d...

DEBIAN-CVE-2016-7914

The assocarrayinsertintoterminalnode function in lib/assocarray.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service invalid pointer dereference and out-of-bounds read v...

Rockwell Automation MicroLogix 1100 PLC Overflow Vulnerability

OVERVIEW David Atch of CyberX has identified a stack-based buffer overflow vulnerability in Rockwell Automation’s Allen-Bradley MicroLogix 1100 programmable logic controller PLC systems. Rockwell Automation has produced a new firmware version to mitigate this vulnerability. This vulnerability cou...