Apache NiFi 1.0.0 / 1.1.0 Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications CVE-2016-8748: Apache NiFi XSS vulnerability in connection details dialogue Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache NiFi 1.0.0 Apache NiFi 1.1.0 Description: There is a cross-site scripting...
CVE-2015-1860 analysis: Qt module for processing GIFs causes a crash-bug warning-the black bar safety net
Vulnerability background: Qt is a cross-platform graphical interface programming framework. In versions earlier than 4.8.7, and 5.x versions earlier than 5.4.2, improper bounds checking while parsing images causes the memcpy in that process to go out of...
Legal Robot: Amazon Bucket Accessible (http://legalrobot.s3.amazonaws.com/)
Seeing your S3 Amazon bucket, the problem is that visiting your Amazon bucket will show the files in the bucket, while a secure bucket would bring up an access denied page. I have attached screenshots comparing your bucket with a secure bucket to show you what a secure bucket looks like and where the...
gitlab -- privilege escalation via "impersonate" feature
GitLab reports: During an internal code review, we discovered a critical security flaw in the "impersonate" feature of GitLab. Added in GitLab 8.2, this feature was intended to allow an administrator to simulate being logged in as any other user. A part of this feature was not properly secured an...
FreeBSD : libssh -- weak Diffie-Hellman secret generation (6b3591ea-e2d2-11e5-a6be-5453ed2e2b49)
Andreas Schneider reports : libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 102...
libssh: man-in-the-middle
libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024 and 2048 bits...
libssh -- weak Diffie-Hellman secret generation
Andreas Schneider reports: libssh versions 0.1 and above have a bits/bytes confusion bug and generate an abnormally short ephemeral secret for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. The resulting secret is 128 bits long, instead of the recommended sizes of 1024...
SOLIDserver 5.0.4 Local File Inclusion
Title: SOLIDserver =5.0.4 - Local File Inclusion Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: SOLIDserver Tested Version: 5.0.4 and 4.0.2 Vendor: efficient IP http://www.efficientip.com Google Dork: SOLIDserver login Date: 17 Feb 2016...
SOLIDserver <= 5.0.4 - Local File Inclusion
Exploit for php platform in category web applications Title: SOLIDserver =5.0.4 - Local File Inclusion Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: SOLIDserver Tested Version: 5.0.4 and 4.0.2 Vendor: efficient IP http://www.efficientip.com Google Dork: SOLIDserve...
SOLIDserver 5.0.4 - Local File Inclusion
SOLIDserver 5.0.4 - Local File Inclusion Title: SOLIDserver =5.0.4 - Local File Inclusion Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: SOLIDserver Tested Version: 5.0.4 and 4.0.2 Vendor: efficient IP http://www.efficientip.com Google Dork: SOLIDserver login Date:...
SOLIDserver < 5.0.4 - Local File Inclusion
Title: SOLIDserver =5.0.4 - Local File Inclusion Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: SOLIDserver Tested Version: 5.0.4 and 4.0.2 Vendor: efficient IP http://www.efficientip.com Google Dork: SOLIDserver login Date: 17 Feb 2016...
Cisco Patches Hardcoded Password, DoS Vulnerabilities in Software
Cisco patched a handful of issues across its software line this week, including two critical vulnerabilities that could lead to the complete compromise of any devices running the software, and a hardcoded password that exists in some access points made by the company. According to security...
Juniper Backdoor Picture Getting Clearer
The NSA’s subversion of encryption standards may have come home to roost. As more eyes examine the Juniper backdoor in ScreenOS, the operating system standing up its NetScreen VPNs, it’s becoming clear that someone backdoored the NSA backdoor in Dual_EC_DRBG, opening the door to passive decryption ...
Radancy: Application error message
Request GET / HTTP/1.1 Host: 12345'"'";|%00%0d%0a%bf%27' Referer: https://serverhk.maximum.com:443/ Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Opera/9.80 Windows NT 6.0; U; en Presto/2.8.99 Version/11.10 Accept: / Response HTTP/1.1 500 Internal Server Error Server:...
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-131)
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key...
Apple to Remove Apps Using Private APIs
Apple said it will remove 256 misbehaving apps from its App Store that were using private APIs to pull personal and device information that would allow a user to be tracked. SourceDNA, an analytics company that specializes in studying the iOS and Android mobile app stores, privately disclosed to...
FreeBSD : LibreSSL -- Memory leak and buffer overflow (e75a96df-73ca-11e5-9b45-b499baebfeaf)
Qualys reports: During the code review of OpenSMTPD a memory leak and buffer overflow (an off-by-one, usually stack-based) were discovered in LibreSSL's OBJ_obj2txt() function. This function is called automatically during a TLS handshake both client-side, unless an anonymous mode is used, and...
74cms /wap/wap-company-show.php SQL injection
/wap/wap-company-show.php define('INQISHI', true); require_once(dirname(__FILE__).'/../include/common.inc.php'); require_once(QISHIROOTPATH.'include/funwap.php'); require_once(QISHIROOTPATH.'include/mysql.class.php'); $smarty->cache = false; $db = new mysql($dbhost,$dbuser,$dbpass,$dbname);...
SAP MII - Encryption Downgrade vulnerability
Application: SAP MII Vendor URL: http://www.sap.com Bugs: Cryptographic issues Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2240274 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Cryptographic issues Impact: readi...
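mcms latest version SQL injection (arbitrary data can be extracted)
Brief description: SQL injection in the latest version of mcms (arbitrary data can be extracted). Detailed description: The programmers at 掌易科技 respond remarkably fast; on the very day the vulnerability was confirmed they fixed it and released a new version. The several vulnerabilities I reported earlier on wooyun have been handled accordingly in the new mcms, and they released the new version v3.1.3.enterprise, so let's study it again. One injection: POST /app/public/adv.php?m=saveall...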