Lucene search
836 matches found

Hacker One
added 2016/05/30 9:37 p.m., 47 views

VK.com: XSS in upload.php

Good evening! I worked out an interesting XSS in upload.php. Demo here or here. How did it go? I spotted an interesting action, upload.php?act=transport, which is used to upload drawn graffiti to documents. My eye caught on the call to the eval function on line 25. Note the callback parameter, the value...

6.9 AI score
Exploits: 0
0day.today
added 2016/05/09 12:0 a.m., 33 views

Ruby on Rails - Development Web Console (v2) Code Execution (Metasploit)

Exploit for ruby platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Development Web Console v2 Code Execution', 'Description' =...

7.1 AI score
Exploits: 0
Hacker One
added 2015/12/24 7:26 p.m., 56 views

Informatica: [marketplace.informatica.com] - XXE

Request: POST /services/v2/rest/wall/new/count HTTP/1.1 Host: marketplace.informatica.com Connection: keep-alive Content-Length: 249 Accept: application/json, text/javascript, / X-J-Token: no-user X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64 AppleWebKit/537.36...

7.2 AI score
Exploits: 0
Packet Storm
added 2015/11/16 12:0 a.m., 41 views

Open Source Social Network 3.5 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Open Source Social Network 3.5 Product: Fixed in: 3.6 Fixed Version https://www.opensource-socialnetwork.org/downloads/ Link: ossn-v3.6-1443545762.zip Vendor Contact: https://www.opensource-socialnetwork.org/contact Vulnerability...

7.4 AI score
Exploits: 0
Packet Storm
added 2015/09/28 12:0 a.m., 25 views

Centreon 2.6.1 Shell Upload

Centreon 2.6.1 Unrestricted File Upload Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and...

7.4 AI score
Exploits: 0
Exploit DB
added 2015/09/22 12:0 a.m., 54 views

h5ai < 0.25.0 - Unrestricted Arbitrary File Upload

!/usr/bin/env python Exploit Title: h5ai 0.25.0 Unrestricted File Upload Date: 21 September 2015 Exploit Author: rTheory Vendor Homepage: https://larsjung.de/h5ai/ Vulnerable Software Link: https://web.archive.org/web/20140208063613/http://release.larsjung.de/h5ai/h5ai-0.24.0.zip Vulnerable...

7.5 CVSS, 6.6 AI score, 0.12365 EPSS
Exploits: 4
Tenable Nessus
added 2015/09/09 12:0 a.m., 31 views

Mozilla Firefox < 39.0 Multiple Vulnerabilities

Binary data 8855.prm...

10 CVSS, 6.8 AI score, 0.92346 EPSS
Exploits: 1, References: 34
Prion
added 2015/08/16 1:59 a.m., 19 views

Design/Logic Flaw

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object...

7.5 CVSS, 7.9 AI score, 0.01947 EPSS
Exploits: 0, References: 18, Affected Software: 5
CVE
added 2015/08/16 1:0 a.m., 143 views

CVE-2015-4492

CVE-2015-4492 describes a use-after-free vulnerability in Mozilla Firefox’s XMLHttpRequest::Open implementation (SharedWorker context). The issue could let a remote attacker run arbitrary code by inducing a victim to visit a crafted page that triggers recursive open() calls on an XMLHttpRequest i...

7.5 CVSS, 7.2 AI score, 0.01947 EPSS
Exploits: 0, References: 18, Affected Software: 1
Cvelist
added 2015/08/16 1:0 a.m., 23 views

CVE-2015-4492

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object...

7.4 AI score, 0.01947 EPSS
Exploits: 0, References: 18
Tenable Nessus
added 2015/08/12 12:0 a.m., 33 views

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2702-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2702-1 advisory. Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley, Chris Coulson, and Eric Rahm discovered multiple memory safety issues in Firefox. ...

10 CVSS, 8 AI score, 0.06981 EPSS
Exploits: 0, References: 18
RedHat Linux
added 2015/08/11 7:47 p.m., 1 views

Mozilla: Use-after-free in XMLHttpRequest with shared workers (MFSA 2015-92)

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object...

7.5 CVSS, 7.8 AI score, 0.01947 EPSS
Exploits: 0, References: 5
UbuntuCve
added 2015/08/11 12:0 a.m., 22 views

CVE-2015-4492

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object...

7.5 CVSS, 7.1 AI score, 0.01947 EPSS
Exploits: 0, References: 3
Mozilla
added 2015/08/11 12:0 a.m., 39 views

Use-after-free in XMLHttpRequest with shared workers — Mozilla

Security researcher Looben Yang discovered a use-after-free vulnerability when recursively calling .open on an XMLHttpRequest in a SharedWorker...

7.5 CVSS, 7 AI score, 0.01947 EPSS
Exploits: 0, References: 2, Affected Software: 4
OSV
added 2015/08/11 12:0 a.m., 1 views

UBUNTU-CVE-2015-4492

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object...

7.5 CVSS, 7.1 AI score, 0.01947 EPSS
Exploits: 0, References: 4
FreeBSD
added 2015/08/11 12:0 a.m., 44 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-79 Miscellaneous memory safety hazards rv:40.0 / rv:38.2 MFSA 2015-80 Out-of-bounds read with malformed MP3 file MFSA 2015-81 Use-after-free in MediaStream playback MFSA 2015-82 Redefinition of non-configurable JavaScript object properties MFSA 2015-83...

10 CVSS, 8.4 AI score, 0.06981 EPSS
Exploits: 1, References: 13
OPENSUSE Linux
added 2015/07/13 11:7 a.m., 63 views

Security update for MozillaFirefox, mozilla-nss (important)

MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards bsc935979. - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs bsc935979. -...

10 CVSS, 1.1 AI score, 0.92346 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2015/07/13 12:0 a.m., 50 views

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2656-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2656-1 advisory. Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a...

10 CVSS, 7.9 AI score, 0.92346 EPSS
Exploits: 1, References: 22
OpenVAS
added 2015/07/10 12:0 a.m., 35 views

Ubuntu: Security Advisory (USN-2656-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 5.5 AI score, 0.92346 EPSS
Exploits: 1, References: 2
CNVD
added 2015/07/09 12:0 a.m., 2 views

Mozilla Firefox/Thunderbird XMLHttpRequest Memory Misreference Vulnerability

Mozilla Firefox is an open source web browser. Thunderbird is a mail application. A memory misreference vulnerability exists in Mozilla Firefox/Thunderbird when using XMLHttpRequest in conjunction with a shared or dedicated worker, which could be exploited by a remote attacker to construct a...

7.2 AI score
Exploits: 1, References: 1