2649 matches found
PrinceXML Wrapper Class Command Injection
While grabbing a copy of PrinceXML, I noticed the company also offered some wrapper classes in various languages for using prince in server applications web applications. http://www.princexml.com/download/wrappers/ Taking a quick look at the PHP class, there are likely numerous command injection...
The vulnerability of the Cisco Unified Communications Manager software allows a malicious individual to gain access to confidential information.
The GNU Bash command shell, as of version 4.3 bash43-025 and later, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
The multiple vulnerabilities in the Bash package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the Cisco Unified Communications Manager software allows a malicious actor to execute arbitrary code.
The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function that is exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that...
The vulnerability of Cisco IPS software allows a malicious individual to gain access to confidential information.
The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...
The vulnerability of Cisco Nexus 1000V software allows a malicious actor to execute arbitrary code.
The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that this...
Vulnerability of Cisco Nexus 5000 software, allowing attackers to access confidential information
The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...
The vulnerability of Cisco Nexus 1000V software allows a malicious individual to gain access to confidential information.
The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...
The vulnerability of Cisco IPS software allows a malicious actor to execute arbitrary code.
The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by manipulating environment variables. Security researchers have confirmed that this...
Vulnerability of Cisco ACS software, allowing a malicious individual to access confidential information
The GNU Bash command shell, as of version 4.3 bash43-025, incorrectly handles lines that follow the declaration of a specially crafted function, which is exported as a variable. This allows a malicious actor to read and write arbitrary files, as well as perform other unconfirmed actions. Security...
The vulnerability of Cisco ACS software allows a malicious individual to execute arbitrary code.
The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function that is exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that...
The vulnerability of Cisco Nexus 7000 software allows a malicious individual to execute arbitrary code.
The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that this...
The vulnerability of the Cisco Nexus 5000 software allows a malicious individual to execute arbitrary code.
The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that this...
The vulnerability of the GNU Bash command-line interpreter allows a malicious actor to cause a service failure or execute arbitrary code.
A vulnerability in the GNU Bash software, related to memory errors during the execution of the redirection function in parse.y. Exploiting this vulnerability allows a malicious actor to trigger service failures by manipulating input data. It also potentially enables the execution of...
The vulnerability of the GNU Bash command-line interpreter allows a malicious actor to cause a service failure or execute arbitrary code.
A vulnerability in the GNU Bash software allows for buffer overflows due to errors related to the use of a one-off equivalent of conditional statements. This vulnerability exists in the read_token_word function in parse.y. Exploiting this vulnerability enables a malicious actor to cause...
The vulnerability of the GNU Bash command-line interpreter allows a malicious actor to cause a service failure or execute arbitrary code.
The vulnerability of the GNU Bash command-line interpreter arises from errors in the processing of input data during syntax analysis of code. Exploiting this vulnerability allows a malicious individual to execute arbitrary code with the privileges of the current user whenever the command-line...
Skype For Business 2013 User Enumeration
Exploit Title: Skype for Business 2013 user enumeration timing attack. Date: 2016-06-08. Exploit Author: nyxgeek. Vendor Homepage: https://www.microsoft.com. Version: Skype for Business 2013. Skype for Business 2013 is vulnerable to a timing attack that allows for username enumeration. When Skype/Lync ...
Phishing Template Generation Made Easy: SimplyTemplate
Phishing Template Generation Made Easy. The goal of this project was to hopefully speed up Phishing Template Gen as well as an easy way to ensure accuracy of your templates. All templates will provide you with a small meta tag. This tag will help you quickly identify the capabilities of the modul...
Viart Shopping Cart 5.0 - Cross-Site Request Forgery / Arbitrary File Upload
function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "http://localhost/admin/adminfmuploadfiles.php", true); xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"); xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");...
Firefox Security Toolkit - A Tool that Transforms Firefox Browsers into a Penetration Testing Suite
A tool that transforms Firefox browsers into a penetration testing suite. How? It downloads the most important extensions and installs them on your browser. The extensions used have been chosen by a survey among the information security community. Based on its results, Firefox Security Toolkit was...