Webmin Cross-Site Request Forgery Vulnerability

Webmin is a web-based system administration tool for Unix-like operating systems developed by Australian software developer Jamie Cameron and the Webmin community. A cross-site request forgery vulnerability exists in Webmin version 1.850. A remote attacker can exploit this vulnerability by sendin...

Design/Logic Flaw

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors...

How to Backup The Veeam ONE SQL Database

Purpose This article documents methods to back up the Veeam ONE SQL database. This is useful when you have to do a backup before an upgrade or if you have been asked to provide a backup of Veeam ONE database to Veeam Support for further in-depth analysis. Solution Identify the Location of the Vee...

create-a-scholar.net Open Redirect vulnerability

Vulnerable URL: http://create-a-scholar.net/flash/flashdetection.swf?flashContentURL=https://openbugbounty.org Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 07.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed...

Netsweeper Authentication Bypass Vulnerability (CNVD-2017-30727)

Netsweeper is a Web content filtering solution from Netsweeper Canada. A security vulnerability exists in versions of Netsweeper prior to 4.0.5. A remote attacker can exploit this vulnerability by sending a request to the webadmin/nslam/index.php file to bypass authentication and create arbitrary...

Bento4 Core/Ap4AtomFactory.cpp file null pointer reference vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in AP4AtomFactory::CreateAtomFromStream in the Core/Ap4AtomFactory.cpp file in Bento4 version 1.5.0-617, which stems from the program's failure to detect null values. An attacker can exploit th...

fses - Python Library To Scrap Url'S From Search Engines

Fucking Search Engines Scraper - python library to scrap url's from search engines Search Engines we scrap Ask Bing DuckDuck GO UOL Yahoo Install git clone https://github.com/mthbernardes/fses.git cd fses pip install -r requeriments.txt Usage Simple search using Ask from searchEngines.ask import...

RubyGems < 2.6.13 - Arbitrary File Overwrite

There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a malicious file. Proof of Concept 1: Create a fil...

CVE-2014-8677

The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and...

Foxit Reader < 8.3.2 Multiple Vulnerabilities

The version of Foxit Reader installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially execute arbitrary code. CVE-2017-10951 - A flaw in the saveA...

Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially...

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access) Vulnerability

Exploit for jsp platform in category web applications HTML Decoded PoC: history.pushState'', '', '/' input type="hidden"...

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User Enable SSH Access)

NethServer 7.3.1611 - Cross-Site Request Forgery Create User Enable SSH Access HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="AccountUsercreategrou...

NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access)

HTML Decoded PoC: history.pushState'', '', '/'...

DEBIAN-CVE-2017-13693

The acpidscreateoperands function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism in the kerne...

libgig Denial of Service Vulnerability (CNVD-2017-27702)

libgig is a C++ library for loading, modifying and creating Gigasamlier and DLS files. A denial of service vulnerability exists in the 'gig::DimensionRegion::CreateVelocityTable' function of the gig.cpp file in libgig version 4.0.0. A remote attacker can exploit this vulnerability to cause a deni...

R Command Shell, Reverse TCP

Connect back and create a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 150 include Msf::Payload::Single include Msf::Payload::R include...

CVE-2017-10120

Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with logon to the infrastructure where RDBMS...

CVE-2014-9262

The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files...

CVE-2017-11422

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...