96 matches found
Valve: [GoldSrc] Remote Code Execution using malicious WAD list in BSP file
Summary TEXInitFromWad function calls COMFileBase to get file name from a path into a buffer on the stack. Since COMFileBase does not have boundary checks and the buffer is small, long WAD file name can trigger a Stack Buffer Overflow, leading to arbitrary code execution. Steps to reproduce...
ABB CP635 HMI
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP635 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate...
ABB CP651 HMI
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable from adjacent network/low skill level to exploit Vendor: ABB Equipment: CP651 HMI Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to prevent legitimate...
Valve: Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution
A malformed .BSP can trigger an Access Violation on CS:GO that can lead to arbitrary code execution on a remote computer. I have attached a copy of the malformed .BSP which reliably triggers an Access Violation on CS:GO. Impact An attacker hosting a malicious server could compromise a remote clie...
Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities
Jetson and Tegra L4T response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure...
bsp.com.fj XSS vulnerability
Vulnerable URL: http://www.bsp.com.fj/General/Search.aspx?q=1%2522%2527--%253E%253CSvg%2520O%256ELoad%253Dconfirm%25281%2529%253E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 14.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
bsp.com.pg XSS vulnerability
Vulnerable URL: http://www.bsp.com.pg/General/Search.aspx?q=1%2522%2527--%253E%253CSvg%2520O%256ELoad%253Dconfirm%25281%2529%253E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 14.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 478...
Counter Strike: Condition Zero - '.BSP' Map File Code Execution
!/usr/bin/env python Counter Strike: Condition Zero BSP map exploit By @DigitalCold Jun 11, 2017 E-DB Note: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42325.zip bsp-exploit-source.zip from binascii import hexlify, unhexlify from struct import pack, unpack...
SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...
SAP Web Application Server 6.x/7.0 Error Page XSS
No description provided by source. source: http://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thes...
[DSECRG-11-010] SAP NetWeaver logon.html - XSS
DSECRG-11-010 SAP NetWeaver logon.html - XSS SAP NetWeaver BSP logon page has linked XSS vulnerability. Digital Security Research Group DSecRG Advisory DSecRG-11-010 Internal DSecRG-00127 Application: SAP NetWeaver Versions Affected: SAP NetWeaver SAPBASIS 620-730 Vendor URL: http://www.sap.com...
DSECRG-08-023.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security...
[DSECRG-08-023] SAP Web Application Server XSS Security Vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-08-023 Application: SAP Web Application Server Versions Affected: Version 7.0 Vendor URL: http://SAP.com Bugs: XSS Exploits: YES Reported: 25.01.2008 Vendor response: 25.01.2008 Date of Public Advisory: 21.05.2008 Author: Digital Security...
SAP Web Application Server 6.x7.0 - Open Redirection
SAP Web Application Server 6.x7.0 - Open Redirection source: https://www.securityfocus.com/bid/15362/info SAP Web Application Server is reported prone to a remote URI redirection vulnerability. It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through...
SAP Web Application Server 6.x/7.0 - 'frameset.htm?sap-syscmd' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15361/info SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script...
SAP Web Application Server 6.x/7.0 - Open Redirection
source: https://www.securityfocus.com/bid/15362/info SAP Web Application Server is reported prone to a remote URI redirection vulnerability. It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl' parameter. A successful attack may...