CVE-2018-11756

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11756

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11757

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11757

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11756

CVE-2018-11756 affects the PHP Runtime for Apache OpenWhisk when used as a Docker action based on tags such as openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (and older). The vulnerability allows a remote attacker to overwrite the source code of a function executing inside the...

CVE-2018-11757

CVE-2018-11757 affects Docker Skeleton Runtime for Apache OpenWhisk. A Docker action using openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. The issue is described in multiple so...

CVE-2017-9638

CVE-2017-9638 affects Mitsubishi Electric Europe B.V. E-Designer, version 7.52 Build 344. The vulnerability is a stack-based buffer overflow in six code sections that can lead to arbitrary code execution, data integrity compromise, denial of service, and system crash. Connected sources (ICS-CERT)...

WordPress CodeCanyon Real3D FlipBook 2.18.8 File Deletion / Upload / XSS

1 Unauthenticated file/directory deletion Vulnerability exists in a file 'includes/process.php' where the user input eventually goes to PHP unlink or rmdir functions. We can give any file path or directory here. We can even delete the whole wordpress site. In my POC exploit, I'm just deleting the...

USBDriveby Device Can Install Backdoor, Override DNS Settings in Seconds

Samy Kamkar has a special talent for turning seemingly innocuous things into rather terrifying attack tools. First it was an inexpensive drone that Kamkar turned into a flying hacking platform with his Skyjack research, and now it’s a $20 USB microcontroller that Kamkar has loaded with code that...

Miscellaneous memory safety hazards (rv:7.0 / rv:1.9.2.23) — Mozilla

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code...

InTerra Blog Machine 1.70 Shell

====================================== InTerra Blog Machine Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 0 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1 + Discovered By : Inj3ct0r + Site : Inj3ct0r.com + support e-mail :...

X-Lite Missing Content-Type DOS PoC

No description provided by source. /main.cpp/ include stdio.h include string using namespace std; ifdef WIN32 include winsock2.h pragma commentlib, "ws232.lib" define close closesocket define writea,b,c senda, b, c, 0 define writetoa,b,c,d,e sendtoa, b, c, 0, d, e define reada,b,c recva, b, c, 0...

Campsite 2.6.1 - user.php?g_documentRoot Remote File Inclusion

Campsite 2.6.1 - user.php?gdocumentRoot Remote File Inclusion source: https://www.securityfocus.com/bid/23874/info Campsite is prone to multiple remote file-include vulnerabilities. Exploiting this issue allows remote attackers to execute code in the context of the webserver. This issue affects...

PHP Labs - .proFile File URI Cross-Site Scripting

PHP Labs - .proFile File URI Cross-Site Scripting source: https://www.securityfocus.com/bid/13282/info PHP Labs proFile is prone to a cross-site scripting vulnerability. As a result, attackers may embed hostile HTML and script code in a malicious link to the affected application. If the link is...

BlackJumboDog FTP Server 3.6.1 - Remote Buffer Overflow

/ 6.9.04|www.Delikon.de|Delikon BlackJumboDog FTP Server Buffer Overflow version 3.6.1 http://www.securiteam.com/windowsntfocus/5AP040ADPW.html Thx to Chew Keong TAN C:\Codes\blackjumbodog\Releasebjdexploit 192.168.0.3 21 klein.exe BlackJumboDog FTP Server Buffer Overflow version 3.6.1...

JPortal SQL Injects

Jportal is a portal system, quite commonly used: Google Results 1 - 10 of about 56,100 for "powered by jportal". 0.22 seconds Homepage: http://jportal2.com/ I've read its code and found: in module/print.inc.php: function artprint .... $query = "SELECT FROM $arttbl WHERE id=$id"; ... What to say? ...

WU-FTPD 2.6.0 - Remote Format Strings

WU-FTPD 2.6.0 - Remote Format Strings / 12:40 11/10/00: Tool for either attack or defense within an information warfare setting. Rather, it is a small program demonstrating proof of concept. Default values for solaris 2.8 and inetd. If you are not the intended recipient, or a person responsible f...

CVE-1999-0879

CVE-1999-0879 describes a buffer overflow in WU-FTPD and related FTP servers that allows remote attackers to gain root privileges by exploiting macro variables in a message file. The vulnerability affects the FTP server software in the late 1990s era; multiple sources (including Red Hat CVE refer...