CVE-2018-1000118

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

ElasticSearchGroovy script remote code execution vulnerability emergency overview-vulnerability warning-the black bar safety net

! Know Chong Yu security research group 2 0 1 5 . 0 3 . 0 5 First, the vulnerability described in ElasticSearch is a JAVA development search analysis engine. 2 0 1 4 years, had been exposed by a remote code execution vulnerability, CVE-2 0 1 4-3 1 2 0, the vulnerability appears in the script quer...

Threat Outbreak Alert RuleID11845: Email Messages Distributing Malicious Software on October 5, 2014

Medium Alert ID: 35947 First Published: 2014 October 6 14:56 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID11845 may contain the following files: Name |...

Mango cloud KODExlporer design flaws lead to arbitrary code execution-vulnerability warning-the black bar safety net

http://www.wooyun.org/bugs/wooyun-2014-066056 About the content: http://www.kalcaddle.com The test account permissions: default The problem is in the renaming. I upload. php file is not executed, ok, then change suffix to. ph After a successful upload, 改名.php, tips no limit. Well, 改名.php ,rename ...

CmsEasy_5.5_UTF-8_20140420 存在存储型xss 可打管理员和平行用户

简要描述： CmsEasy5.5UTF-820140420 存在存储型xss 可打管理员和平行用户 详细说明： 第一种情况（攻击管理员）: 注册用户后，然后访问/CmsEasy5.5UTF-820140420/uploads/bbs/add-archive.php?cid=1 进行发帖，其中主题填写： " oninput=alert1 然后登陆管理员，如图所示: 点击"操作"底下的编辑，然后，让管理员发现问题的时候，对其内容进行删除修改时候，抽发xss 如图所示： 第二种情况（攻击平行用户）:...

shopex register any user-defined pre-Deposit of balance or integration-vulnerability warning-the black bar safety net

Brief description: shopex in the registered user is present when the validation is not strict, leading to the time of registration can be freely defined the pre-Deposit balances or credits such as the contents of the field Detailed description: 在 文件 \core\shop\controller\ctl.passport.php if !$ in...

CVE-2013-1471

Multiple cross-site scripting XSS vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption IBE appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via 1 the Add field for the Black List under Antispam...

eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities

---------------------------------------------------------------- eFront = 3.6.10 build 11944 Multiple Security Vulnerabilities ---------------------------------------------------------------- author.............: EgiX mail...............: n0b0d13satgmaildotcom software link......:...

Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc)

Exploit for windows platform in category dos / poc !/usr/bin/python Title: Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS Poc. From: The eh?-Team || The Great White Fuzz we're not sure yet Found by: loneferret Software link: http://www.cyclope-series.com/download/index.aspx?p=2 Date...

Cyclope Internet Filtering Proxy Cross Site Scripting

!/usr/bin/python Title: Cyclope Internet Filtering Proxy - Stored XSS Vuln. From: The eh?-Team || The Great White Fuzz we're not sure yet Found by: loneferret Software link: http://www.cyclope-series.com/download/index.aspx?p=2 Date Found: Oct 20th 2011 Tested on: Windows XP SP3 Professional /...