152 matches found
CVE-2016-8488
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756...
CVE-2016-8484
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823575...
A Token’s Tale
Posted by James Forshaw currently impersonating NT AUTHORITY\SYSTEM. Much as I enjoy the process of vulnerability research sometimes there’s a significant disparity between the difficulty of finding a vulnerability and exploiting it. The Project Zero blog contains numerous examples of complex...
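CUUMALL Injection 5-8
Brief description: A new vendor has shown up. Let's dig into it. Open + closed source code: closed source, ordinary users use the encrypted code, paying users use the open source code, making the mall more secure. A broke guy like me can only use the free version, which is the Zend-encoded code. Still, a few files are not Zend-encoded, so I only looked at those. Details: The fifth spot, in kuaiqian/receivemall.php: $dealTime=trim$REQUEST'dealTime'; //get the actual payment amount ///unit is fen ///for example 2 means 0.02 yuan $payAmount=trim$REQUEST'payAmount'; //get the transaction fee ///unit is fen ///for example 2 means 0.02 yuan...
CUUMALL Injection 1-4
Brief description: A new vendor has shown up. Let's dig into it. Open + closed source code: closed source, ordinary users use the encrypted code, paying users use the open source code, making the mall more secure. A broke guy like me can only use the free version, which is the Zend-encoded code. Still, a few files are not Zend-encoded, so I only looked at those. Details: I picked out a few files that are not Zend-encoded to look at. The first spot, in ali/notifyurl.php: $alipayNotify = new AlipayNotify$aliapyconfig; $verifyresult = $alipayNotify-verifyNotify; if$verifyresult //verification succeeded...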
Scientific Linux Security Update : jdk-1.6.0 on SL 5.0 - 5.8 (i386 x86_64) (20130205)
Multiple fixes. CVE-2012-1541, CVE-2012-3213, CVE-2012-3342, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435,...
Cisco WRV210 null pointer dereference
Exploit for windows platform in category dos / poc ===================================== Cisco WRV210 null pointer dereference ===================================== / 2010-09-24 by Paolo j5r9pn3lka yahoo dot com Product: Cisco WRV210 Wireless-G VPN Router - RangeBooster Type: denial of service...
TekBase All-in-One 3.1 - Multiple SQL Injections
Author: n3wb0ss Date: 15/06/09 Contact: [email protected] Software: TekBase All-in-One 3.1 Vendor: tekbase.de Example: http://demo.tekbase.de/ Vendor contacted: No Risk: High I found this website on a German board, looking for another script. Looks to me, like a...
MOPB-01-2007:PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
Summary The Month of PHP Bugs starts with a PHP 4 security vulnerability that exploits a problem known for many years among the PHP developers. When a PHP application is run in PHP 4 it can overflow the variable reference counter because it is only 16 bit wide. Whenever this happens it will resul...
[VSA0308] Half-Life AMX-Mod remote (root) hole
void.at Security Advisory VSA0308 - mailto:crew at void dot at AMX1 is a plugin for the "Half-Life Server", hosting the most popular online game today, "Counter-Strike", among others. Overview ======== Due to a format string bug in AMX, it is possible for a remote attacker who knows the...
eXtremail Remote Format String ('s)
Bugtraq readers, eXtremail is a free integrated pop3/smtpd mail daemon for Linux x86, although it is free it is closed sourced software. It has been found that the majority of the newer versions are vulnerable to a remotely exploitable format string condition. The following versions are confirmed...
Buffer overflows in Skyline/SpinBox client
There are some buffer overflows in SpinBox/1.1 from the spinserver.conf. SpinBox is an SSI/cgi-tool used by advertisement companies, made by Skyline. Since this is closed source software, I can't post the sources. The buffer overflows are mostly in the query string strcat and strcpy instead of...