CVE-2022-47908

Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain the information and/or execute arbitrary code by having a user to open a specially crafted project file...

Fodcha DDoS Botnet Resurfaces with New Capabilities

The threat actor behind the Fodcha distributed denial-of-service DDoS botnet has resurfaced with new capabilities, researchers reveal. This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target,...

Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the Object.prototype. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed whic...

SmarterMail Remote Code Execution Vulnerability

SmarterMail is the award-winning email, collaboration and group chat server that easily meets the needs of businesses of any size, from individual business owners to large corporations and enterprise organizations. With lower hardware requirements, superior stability and lower maintenance costs,...

RubyGems: Bundler's RCE with response using Marshal

A vulnerability was found in Bundler's dependency API endpoint, which uses Marshal serialization. This could allow for remote code execution if a client receives a specially crafted response. The impact is increased risk from specifying an untrusted source or man-in-the-middle attack...

Command Execution Vulnerability in Fastjson JtaTransactionConfig

fastJson is a json serialization tool produced by Alibaba . Fastjson JtaTransactionConfig has a command execution vulnerability that can be exploited by a remote attacker to construct attack code that triggers a remote code execution vulnerability and gain control of the server...

Router Exploit Shovel - Automated Application Generation For Stack Overflow Types On Wireless Routers

Automated Application Generation for Stack Overflow Types on Wireless Routers Router exploits shovel is an automated application generation tool for stack overflow types on wireless routers. The tool implements the key functions of exploits, it can adapt to the length of the data padding on the...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2019-12707)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon versions 4.0.0 through 4.6.3, which originates from ...

Ruby on Rails: File writing by Directory traversal at actionpack-page_caching and RCE by it

I found a directory traversal in actionpack-pagecaching. Some code may lead to RCE. https://github.com/rails/actionpack-pagecaching/blob/master/lib/actioncontroller/caching/pages.rbL143 ruby def cachefilepath, extension if path.empty? || path = %r\A/+\z name = "/index" else name =...

Prototype Pollution

lutils-merge is vulnerable to prototype pollution. A lack of validation allows an attacker to inject arbitrary prototype objects to execute arbitrary code or cause a denial of service...

Integer overflow

Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service Fortran application crash via vectors related to array allocation...

BanManager WebUI 1.5.8 - PHP Code Injection Vulnerability

Exploit for php platform in category web applications BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage:...

A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures

Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices regardless of their operating system or application running on them, and the worse — the flaw can not be entirely fixed with any mere software update. The vulnerability resides in the w...

chatNow 0.0.0 Cross Site Scripting

Exploit Title: chatNow - Reflected XSS Date: 2016-08-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://chatnow.thiagosf.net/ Software Link: https://github.com/thiagosf/chatNow/archive/master.zip Version: Latest commit Tested on: Debian wheezy Vulnerability This...

CoreMail XT3.0 Cross Site Scripting

Application: CoreMail Versions Affected: XT3.0 Vendor URL: http://www.coremail.cn/ Bugs: Stored XSS Author:shack.liDBAPPSecurity Ltd Description: Coremail mail system was born in 1999, is widely used in network operators, large enterprises, government institutions, colleges and universities and...

About 1 5 years 5 months to repair the two 0day-vulnerability warning-the black bar safety net

Ticker 2 0 1 5 year 5 month 1 2 day, Microsoft pushed a 5-month patch day patch includes IE, Windows kernel, Windows kernel driver, Office and other components of the security updates. This month the repair of the two 0day vulnerabilities MS15-0 5 2 are fixed in the Windows kernel security featur...

Wix.com Cross Site Scripting

57 million web pages are affected by a security problem in wix.com Proof of concept of a web page made in wix.com: http://www.itsec.cl/ to see the source code can observe the following: ... Find the SEO content of this site's homepage via http://www.itsec.cl/?escapedfragment= That is where search...

ProFTPD 1.3.0/1.3.0 a (mod_ctrls support) Local Buffer Overflow Exploit vulnerabilities and attack code analysis-vulnerability warning-the black bar safety net

Exploit code URL: ! 1, Operating environment: 1, The ProFTPD 1.3.0/1.3.0 a 2, the compiled ProFTPD,--enable-ctrls option must be open ./ configure --enable-ctrls 3, the local user need to have through the Unix Socket permission to connect 2, The Run parameters: revenge@darklight$ ./...

About apache+php-cgi mod attack-vulnerability warning-the black bar safety net

One, the origin of: 1, the attack code International well-known vulnerabilities to attack the code release mechanism exploit-db released one for apache+php attack code, The authors of the famous international hacker Kingcope it. See http://www.exploit-db.com/exploits/29290/ Attacks effect derived...

CVE-2012-6129

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted "micro transport protocol packets."...