CVE-2017-16635

TinyWebGallery v2.4 is affected by a Cross-Site Scripting (XSS) vulnerability in the Add/Create module. The issue resides in the mkname, mkitem, and item parameters, allowing remote attackers with low-privilege backend access to inject script code into the TWG Explorer item listing. The attack us...

CVE-2017-16569

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting...

CVE-2017-15039

Cross-site scripting XSS exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting...

CVE-2017-15965

The NS Download Shop aka comnsdownloadshop component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action...

CVE-2017-15936

In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed...

Webmin Cross-Site Request Forgery Vulnerability

Webmin is a web-based system administration tool for Unix-like operating systems developed by Australian software developer Jamie Cameron and the Webmin community. A cross-site request forgery vulnerability exists in Webmin version 1.850. A remote attacker can exploit this vulnerability by sendin...

Design/Logic Flaw

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors...

How to Backup The Veeam ONE SQL Database

Purpose This article documents methods to back up the Veeam ONE SQL database. This is useful when you have to do a backup before an upgrade or if you have been asked to provide a backup of Veeam ONE database to Veeam Support for further in-depth analysis. Solution Identify the Location of the Vee...

create-a-scholar.net Open Redirect vulnerability

Vulnerable URL: http://create-a-scholar.net/flash/flashdetection.swf?flashContentURL=https://openbugbounty.org Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 07.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed...

Netsweeper Authentication Bypass Vulnerability (CNVD-2017-30727)

Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in versions of Netsweeper prior to 4.0.5. A remote attacker can exploit this vulnerability by sending a request to the webadmin/nslam/index.php file to bypass authentication and create arbitrary...

Bento4 Core/Ap4AtomFactory.cpp file null pointer reference vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in AP4AtomFactory::CreateAtomFromStream in the Core/Ap4AtomFactory.cpp file in Bento4 version 1.5.0-617, which stems from the program's failure to detect null values. An attacker can exploit th...

fses - Python Library To Scrap Url'S From Search Engines

Fucking Search Engines Scraper - python library to scrap url's from search engines Search Engines we scrap Ask Bing DuckDuck GO UOL Yahoo Install git clone https://github.com/mthbernardes/fses.git cd fses pip install -r requeriments.txt Usage Simple search using Ask from searchEngines.ask import...

RubyGems < 2.6.13 - Arbitrary File Overwrite

There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...

CVE-2014-8677

The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and...

Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially...

Foxit Reader < 8.3.2 Multiple Vulnerabilities

The version of Foxit Reader installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially execute arbitrary code. CVE-2017-10951 - A flaw in the saveA...

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) Vulnerability

Exploit for jsp platform in category web applications HTML Decoded PoC: history.pushState'', '', '/' input type="hidden"...

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access)

HTML Decoded PoC: history.pushState'', '', '/'...

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User Enable SSH Access)

NethServer 7.3.1611 - Cross-Site Request Forgery Create User Enable SSH Access HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="AccountUsercreategrou...

DEBIAN-CVE-2017-13693

The acpidscreateoperands function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kerne...