127 matches found
CVE-2018-16376
An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact...
Microsoft Windows Defender - 'mpengine.dll' Memory Corruption
Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code; given that it still processes the VMSF_UPCASE filter...
Google Android - 'rkp_set_init_page_ro' RKP Memory Corruption
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=984 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP (Real-time Kernel Protection), running in EL2. This hypervisor is meant to ensure that the HLOS kernel running in EL1 remains protected from exploit...
JDownloader 2 Beta Directory Traversal Vulnerability
Exploit for multiple platform in category web applications =begin Exploit Title: JDownloader 2 Beta Directory Traversal Vulnerability Zip Extraction Date: 2015-06-02 Exploit Author: PizzaHatHacker Vendor Homepage: http://jdownloader.org/home/index Software Link:...
JDownloader 2 Beta - Directory Traversal
JDownloader 2 Beta - Directory Traversal =begin Exploit Title: JDownloader 2 Beta Directory Traversal Vulnerability Zip Extraction Date: 2015-06-02 Exploit Author: PizzaHatHacker Vendor Homepage: http://jdownloader.org/home/index Software Link: http://jdownloader.org/download/offline Version: 117...
DedeCMS v5.7 file inclusion leading to arbitrary code execution (tasteless into the background) - vulnerability warning - the black bar safety net
The Security Box team (www.secbox.cn) today found a code execution vulnerability in DedeCMS ("Woven Dream"); the vulnerability allows arbitrary code execution, resulting in getshell. Affected versions: ≤ V5.7 SP1 official edition 2014-06-27 Overview: While auditing DedeCMS, the Security Box team foun...
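Diyou P2C Lending System Front-End Getshell #1
Brief description: Diyou P2C lending system front-end getshell 1 Details: This time it is another e-commerce CMS from the Diyou company, not Diyou P2P! The latest official version is Diyou P2C Lending System V1.01. The avatar upload feature allows getshell. Demonstrated on the official demo site. An account has been registered; the username and password are both test1a. Visit http://p2c.diyou.cc/?user&m=approve/safe, upload an avatar and capture the request. Modify the packet, insert a one-line webshell and change the extension to php. Although the response is a 500, the PHP shell has already been uploaded: dyupfiles/avatar/diyou/[user id].php Got...
CuuMall latest version: an SQL injection
Brief description: An SQL injection in the latest version of CuuMall Details: It feels as if either the files on CuuMall's official site have been tampered with, or this is simply a bug in itself. Without further ado, straight to the code: DetailsAction.class.php282-313 public function addpru $coo = new Cookie ; if $coo-isset c "GUESTCOOK" ."mall-m-name" $this-assign "waitSceond", 3 ; $this-assign "jumpUrl", "APP/Home/login" ; $this-error "请登录后收藏商品" ; ex...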
CVE-2014-2866
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code...
A sneaky way to exploit a DedeCMS variable overwrite vulnerability - vulnerability warning - the black bar safety net
The most recent DedeCMS variable overwrite vulnerability can finally control the global variables, but cannot completely control them: $GLOBALS[$v1] .= $v2; Note that this is an append: the content is appended to the content of an already-initialized global variable. It has now been disclosed the exploit...
CentOS Update for ruby CESA-2013:0612 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution
== ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace...
On HTC G2 Code Modification, Botnet Stats and Exploit Hub
Dennis Fisher and Paul Roberts discuss the controversy over the HTC G2 code modification, America’s supremacy in the rankings of bot-infested countries and the viability of the new Exploit Hub as a business. Subscribe to the News Wrap podcast on Podcast audio courtesy of The New Radio Tough Road...
FCrackZip 1.0 - Local Buffer Overflow (PoC)
Exploit Title: FCrackZip Local Buffer Overflow PoC Date: September 5th, 2010 Author: 0x6264 Software Link: http://oldhome.schmorp.de/marc/data/fcrackzip-1.0.tar.gz Version: 1.0 Tested on: Ubuntu 10.04 CVE : None Software Description: fcrackzip is a zip password cracker, similar to fzc, zipcrack a...
The word Trojan-free kill process-vulnerability warning-the black bar safety net
In a further invasion of the server, the uploaded file will be filtered out by the server, so the WEBSHELL we upload cannot run! To blue screen the most small ASP Trojan, for example. Be modified as follows. The original code is%execute request"cmd"% tag to modify the replacement down to...
FreeBSD 7.2 VFS/devfs race condition exploit
FreeBSD 7.2 and below (including 6.4) are vulnerable to a race condition in VFS and devfs code, resulting in a NULL pointer dereference. In contrast to the pipe race condition, this vulnerability is actually much harder to exploit. Due to an uninitialised value in devfs_open, following function is called with...
FreeBSD 7.2 - VFS/devfs Race Condition
FreeBSD 7.2 - VFS/devfs Race Condition if 0 FreeBSD 7.2 and below (including 6.4) are vulnerable to a race condition in VFS and devfs code, resulting in a NULL pointer dereference. In contrast to the pipe race condition, this vulnerability is actually much harder to exploit. Due to an uninitialised value in...
FreeBSD 7.2 VFS/devfs race condition exploit
Exploit for unknown platform in category local exploits ============================================ FreeBSD 7.2 VFS/devfs race condition exploit ============================================ Title: FreeBSD 7.2 VFS/devfs race condition exploit CVE-ID: OSVDB-ID: Author: Przemyslaw Frasunek Publishe...
CVE-2008-7096
Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory...