176 matches found
Design/Logic Flaw
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating...
[SECURITY] Fedora 31 Update: podofo-0.9.6-12.fc31
PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF Portable Document Format. A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...
creating-balance.net Cross Site Scripting vulnerability
Security Researcher g0bl1nsec Helped patch 3650 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting creating-balance.net website and its users. Following...
Karakuzu ERP Management Web 5.7.0 SQL Injection
Exploit Title: Karakuzu ERP Management Web 5.7.0 - 'kadiduz' SQL Injection Discovery Date: 2019-09-20 Exploit Author: Hakan TAŞKÖPRÜ Vendor Homepage: http://karakuzu.info/ Effected Version = 5.7.0 Vulnerability 1: Unauthenticated SQL Injection ==================================================...
Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection
Exploit Title: Karakuzu ERP Management Web 5.7.0 - 'kadiduz' SQL Injection Discovery Date: 2019-09-20 Exploit Author: Hakan TAŞKÖPRÜ Vendor Homepage: http://karakuzu.info/ Effected Version = 5.7.0 Vulnerability 1: Unauthenticated SQL Injection ==================================================...
How to Create Custom Backup Policy IAM Role
The Backup Policy IAM role is used to run the following backup operations: Enumerating of the resources.Taking EBS snapshots of selected EC2 instances volumes.Creating volumes from snapshots.Attaching...
Nextcloud 17 - Cross-Site Request Forgery
Nextcloud 17 - Cross-Site Request Forgery Exploit Title: Nextcloud 17 - Cross-Site Request Forgery Date: 08.11.2019 Exploit Author: Ozer Goker Vendor Homepage: https://nextcloud.com Software Link: https://nextcloud.com/install/instructions-server Version: 17 CVE: N/A Nextcloud offers the...
DeviceViewer 3.12.0.1 Denial Of Service Exploit
!/usr/bin/python Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow Exploit Author: x00pwn Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows 7 Steps to reproduce: 1. Generate a...
DeviceViewer 3.12.0.1 - creating user Denial of Service
DeviceViewer 3.12.0.1 - creating user Denial of Service !/usr/bin/python Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow Date: 9/23/2019 Exploit Author: x00pwn Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe...
DeviceViewer 3.12.0.1 - 'creating user' Denial of Service
!/usr/bin/python Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow Date: 9/23/2019 Exploit Author: x00pwn Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows 7 Steps to reproduce: ...
NewStart CGSL CORE 5.04 / MAIN 5.04 : xdg-user-dirs Vulnerability (NS-SA-2019-0026)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has xdg-user-dirs packages installed that are affected by a vulnerability: - It was found that the system umask policy is not being honored when creating XDG user directories /Desktop etc on first login. This could lead to user...
CVE-2019-10085
In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page...
Wpbullet - A Static Code Analysis For WordPress (And PHP)
A static code analysis for WordPress Plugins/Themes and PHP Installation Simply clone the repository, install requirements and run the script $ git clone https://github.com/webarx-security/wpbullet wpbullet $ cd wpbullet $ pip install -r requirements.txt $ python wpbullet.py Usage Available...
CVE-2019-10011
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS aka Internet Campus Solution before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234...
Xorg X11 Server (AIX) - Local Privilege Escalation
Xorg X11 Server AIX - Local Privilege Escalation Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Filese...
MicroTik RouterOS 6.43rc3 - Remote Root
MicroTik RouterOS 6.43rc3 - Remote Root / Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on:...
SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow SEH Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://www.dvd-photo-slideshow.com/ipod-photo-slideshow.html Tested Version: 8.05 Teste...
SocuSoft iPod Photo Slideshow 8.05 Buffer Overflow
Exploit Title: SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://www.dvd-photo-slideshow.com/ipod-photo-slideshow.html Tested Version: 8.05 Tested on OS: Windows XP Service Pack 3 x86...
CVE-2018-15848
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true...
Security update for libvirt (moderate)
This update for libvirt fixes the following issues: Security issue fixed: - CVE-2018-3639: Add support for 'ssbd' and 'virt-ssbd' CPUID feature bits to address V4 Speculative Store Bypass aka "Memory Disambiguation" bsc1092885. Bug fixes: - bsc1094325: Enable virsh blockresize for XEN guests...