Red Hat Ceph Security Bypass Vulnerability
Red Hat Ceph is a petabyte-scale distributed file system for Linux from Red Hat. The main goal of the system is to be a POSIX (Portable Operating System Interface) based distributed file system without a single point of failure, so that data can be fault-tolerant and seamlessly replicated. Ceph...
Gleez CMS Cross-Site Request Forgery Vulnerability
Gleez CMS is an extensible open source content management system (CMS) based on the Kohana framework. A cross-site request forgery vulnerability exists in Gleez CMS version 1.2.0. A remote attacker can exploit this vulnerability to create new pages and logs...
UBUNTU-CVE-2018-10861
A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected...
Microsoft Windows 10 Active-X Creation/Deletion Vulnerability
Microsoft Windows 10 is a next-generation cross-platform operating system released by the American company Microsoft. A create/delete vulnerability exists in Microsoft Windows 10 Active-X. An attacker can exploit the vulnerability to create text files on the victim's machine and delete any file...
DEBIAN-CVE-2018-12896
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int...
OneFileCMS Arbitrary PHP Code Execution Vulnerability
OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A security vulnerability exists in the onefilecms.php file in OneFileCMS version 2012-04-14 and earlier. The vulnerability can be...
Fastspot BigTree CMS Cross-Site Scripting Vulnerability (CNVD-2018-12266)
Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL from the US company Fastspot. A cross-site scripting vulnerability exists in /users/create in Fastspot BigTree CMS. A remote attacker can exploit this vulnerability to inject scripts and attack highly...
CVE-2018-12884
In Octopus Deploy 3.0 onwards before 2018.6.7, an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu...
Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15876)
The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the "Create Storage Group" method in Quest DR Series Disk Backup Software versions prior to 4.0.3.1. An attacker could exploit this vulnerability to execute system commands...
Dolibarr 7.0.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications. CVE-2018-10094 Dolibarr SQL Injection vulnerability. Description: Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages, e.g. .deb package. Threat: The...
CVE-2018-11479
The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...
Linux kernel denial of service vulnerability (CNVD-2018-09997)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions prior to 4.13.5. A local attacker can exploit this vulnerability with the help of the keyctl command to create...
CVE-2018-0270
A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device. The vulnerability is due to...
PT-2018-1311 · Microsoft +3 · Ie +5
Name of the Vulnerable Software and Affected Versions: Microsoft Windows VBScript Engine versions prior to the fixed version Description: A remote code execution issue exists in the way the VBScript engine handles objects in memory. This allows remote attackers to execute arbitrary code and affec...
Microsoft Windows 10: Replace a process level token
This policy setting determines which parent processes can replace the access token that is associated with a child process. Specifically, the Replace a process level token setting determines which user accounts can call the CreateProcessAsUser application programming interface (API) so that one...
Microsoft Windows 10: Create global objects
This policy setting determines which users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right. A global object is an object that is created to be used by any number of processes or...
Shopy Point of Sale 1.0 - CSV Injection
Shopy Point of Sale 1.0 - CSV Injection Exploit Title: Shopy Point of Sale v1.0 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10258 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/shopy-point-of-sales/21730225 Version: 1.0 Tested on: Ka...
kernel: Use-after-free in snd_seq_ioctl_create_port()
A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation...
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017) Exploit
Exploit for windows platform in category local exploits include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif CONST LONG maxTimes = 2000; CON...
CVE-2018-10118
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php...