5294 matches found

NVD
added 2017/05/12 6:29 p.m. | 17 views

CVE-2016-4864

H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service DoS via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...

7.5 CVSS | 7.4 AI score | 0.01802 EPSS
Exploits 0 | References 2

Hacker One
added 2017/05/10 10:21 p.m. | 15 views

U.S. Dept Of Defense: SQL Injection vulnerability in a DoD website

A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive information. @tcpiplab was able to demonstrate this vulnerability by crafting specially formatted URLs. Thank you for reporting this!...

0.7 AI score
Exploits 0

Hacker One
added 2017/05/04 10:22 p.m. | 14 views

U.S. Dept Of Defense: SQL Injection vulnerability in a DoD website

A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive information. @eugui was able to demonstrate this vulnerability by crafting specially formatted URLs. Thanks @eugui !...

1.1 AI score
Exploits 0

Exploit DB
added 2017/04/25 12:0 a.m. | 49 views

WordPress Plugin Car Rental System 2.5 - SQL Injection

Exploit Title: Car Rental System v2.5 Date: 28/03/2017 Exploit Author: TAD GROUP Vendor Homepage: https://www.bestsoftinc.com/ Software Link: https://www.bestsoftinc.com/car-rental-system.html Version: 2.5 Contact: infoattad.group Website: https://tad.group Category: Web Application Exploits 1...

7 AI score
Exploits 0

Packet Storm
added 2017/03/31 12:0 a.m. | 27 views

mapr Information Disclosure

Hello, The mapr web frontend component creates an information disclosure vulnerability. During the setup of mapr the configure.sh script calls a function ConfigureWSRole: function ConfigureWSRole if $clientOnly -eq 0 -a $dontChangeSecurityPermissionsOn -eq 0 ; then ConfigureRunUserForWS fi This...

7.4 AI score
Exploits 0

ThreatPost
added 2017/03/29 3:15 p.m. | 174 views

Publicly Attacked Microsoft IIS Zero Day Unlikely to be Patched

Microsoft is unlikely to patch a zero-day vulnerability in an older version of its Internet Information Services IIS webserver that’s been publicly attacked since last July and August. Two researchers from the South China University of Technology in Guangzhou posted a proof-of-concept exploit for...

10 CVSS | 8.7 AI score | 0.99945 EPSS
Exploits 71 | References 5

Hacker One
added 2017/03/28 2:46 p.m. | 18 views

U.S. Dept Of Defense: SQL Injection vulnerability in a DoD website

A Department of Defense webserver was vulnerable to a SQL injection attack that could have revealed sensitive information. @albinowax was able to demonstrate this vulnerability by crafting specially formatted URLs. Thank you!...

1.6 AI score
Exploits 0

seebug.org
added 2017/03/27 12:0 a.m. | 41 views

Miele Professional PG 8528 - Web Server Directory Traversal (CVE-2017-7240)

Risk Information: Risk Factor: Medium CVSS Base Score: 5.0 CVSS Vector: CVSS2AV:N/AC:L/Au:N/C:P/I:N/A:N CVSS Temporal Vector: CVSS2E:POC/RL:OF/RC:C CVSS Temporal Score: 3.9 Timeline: 2016-11-16 Vulnerability discovered 2016-11-10 Asked for security contact 2016-11-21 Contact with Miele product...

5 CVSS | 7.2 AI score | 0.1741 EPSS
Exploits 6

0day.today
added 2017/03/25 12:0 a.m. | 59 views

Miele Professional PG 8528 - Directory Traversal

Exploit for hardware platform in category web applications Title: ====== Miele Professional PG 8528 - Web Server Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-7240 Risk Information: ================= Risk Factor: Medium CVSS...

5 CVSS | 0.3 AI score | 0.1741 EPSS
Exploits 6

NVD
added 2017/03/24 3:59 p.m. | 15 views

CVE-2017-7240

An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information t...

7.5 CVSS | 7.5 AI score | 0.1741 EPSS
Exploits 6 | References 5

Cvelist
added 2017/03/24 3:0 p.m. | 15 views

CVE-2017-7240

An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information t...

7.5 AI score | 0.1741 EPSS
Exploits 6 | References 5

exploitpack
added 2017/03/24 12:0 a.m. | 60 views

Miele Professional PG 8528 - Directory Traversal

Miele Professional PG 8528 - Directory Traversal Title: ====== Miele Professional PG 8528 - Web Server Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-7240 Risk Information: ================= Risk Factor: Medium CVSS Base Score:...

5 CVSS | 0.6 AI score | 0.1741 EPSS
Exploits 6

Exploit DB
added 2017/03/24 12:0 a.m. | 77 views

Miele Professional PG 8528 - Directory Traversal

Title: ====== Miele Professional PG 8528 - Web Server Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-7240 Risk Information: ================= Risk Factor: Medium CVSS Base Score: 5.0 CVSS Vector: CVSS2AV:N/AC:L/Au:N/C:P/I:N/A:N...

7.5 CVSS | 7.5 AI score | 0.1741 EPSS
Exploits 6

seebug.org
added 2017/03/16 12:0 a.m. | 36 views

Microsoft Edge read:// urlhandler Information Disclosure Vulnerability (CVE-2017-0065)

This exploit was reported to Microsoft and I was acknowledged for doing so. The exploit has been patched on March 14th 2017 under names cve-2017-0065 and MS17-007 and will not work if related patches are applied. Sourcecode is provided for educational purposes only. General This exploit requires...

4.3 CVSS | 5.4 AI score | 0.27406 EPSS
Exploits 1

seebug.org
added 2017/03/16 12:0 a.m. | 86 views

Goahead webserver <= 2.1.8-path bypass-sensitive File Download vulnerability

1 Introduction Goahead webserver is an embedded OpenSource server that can be built on a lot of systems CE, Ecos, GNU/Linux, Lynx, MacOS, NW, QNX4, VXWORKS, Win32 and others. It is supported by a lot of companies that use it for their projects and it is also used like "base" for other webservers,...

7.4 AI score
Exploits 0

Kitploit
added 2017/03/15 2:30 p.m. | 23 views

BrainDamage - A fully featured backdoor that uses Telegram as a C&C server

A python based backdoor which uses Telegram as C&C server. Coded by: Mehul [email protected] -- Github: https://github.com/mehulj94 -- Twitter: https://twitter.com/wayfarermj -- For windows only...

7.8 AI score
Exploits 0 | References 2

Prion
added 2017/03/14 10:59 p.m. | 16 views

Design/Logic Flaw

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows authenticated remote attackers to read files on the webserver via a crafted user input...

4 CVSS | 6.3 AI score | 0.06901 EPSS
Exploits 4 | References 4 | Affected Software 1

NVD
added 2017/03/14 10:59 p.m. | 18 views

CVE-2016-8017

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows authenticated remote attackers to read files on the webserver via a crafted user input...

4.1 CVSS | 3.5 AI score | 0.06901 EPSS
Exploits 4 | References 4

Cvelist
added 2017/03/14 10:0 p.m. | 25 views

CVE-2016-8017

Special element injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows authenticated remote attackers to read files on the webserver via a crafted user input...

5 AI score | 0.06901 EPSS
Exploits 4 | References 4

CVE
added 2017/03/14 10:0 p.m. | 63 views

CVE-2016-8017

CVE-2016-8017 is a concrete vulnerability in McAfee VirusScan Enterprise for Linux (VSEL) up to version 2.0.3 where the web interface handles special elements (tplt) in user input, enabling an authenticated remote attacker to read files on the webserver. The underlying issue is a Special Element ...

4.1 CVSS | 4.7 AI score | 0.06901 EPSS
Exploits 4 | References 4 | Affected Software 1