38 matches found
Adobe AEM Dispatcher <4.15 - Rules Bypass
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. id: CVE-2016-0957 info: name: Adobe AEM Dispatcher 4.15 - Rules Bypass author: geeknik severity:...
Apache S2-032 Struts - Remote Code Execution
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix related to chained expressions. id: CVE-2016-3081 info: name: Apache S2-032 Struts - Remote Code Execution...
NUUO NVR camera `debugging_center_utils_.php` - Command Execution
debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. id: CVE-2016-5674 info: name: NUUO NVR camera debuggingcenterutils.p...
Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass
Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a sessionid cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. id: CVE-2016-7552...
NETGEAR Routers - Remote Code Execution
NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow...
WordPress PHPMailer < 5.2.18 - Remote Code Execution
WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property in isMail transport. id: CVE-2016-10033 info: name: WordPress PHPMailer 5.2.18 - Remote...
Escalamiento-de-Privilegios-usando-el-Kernel-Exploit-Dirty-Cow
🐄 Privilege Escalation — Dirty COW CVE-2016-5195 Entorn...
Linux Distros Unpatched Vulnerability : CVE-2016-3094
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of...
Apache Tomcat - Remote Code Execution via JMX Ports
Apache Tomcat versions before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 are vulnerable to remote code execution if JmxRemoteLifecycleListener is used and the JMX ports are exposed to attackers. The vulnerability exists due to inconsistent credentia...
SUSE CVE-2016-5095
Integer overflow in the phpescapehtmlentitiesex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTERSANITIZEFULLSPECIALCHARS...
SUSE CVE-2016-9936
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834...
CVE-2016-9038
creationtimestamp| type| source ---|---|--- 2017-07-06 10:09:19+00:00| seen| https://t.me/antimalware/115 2017-07-08 05:20:41+00:00| seen| https://t.me/webamoozir/2080...
Exploit for Argument Injection in Phpmailer_Project Phpmailer
CVE2016-10033 explotation PoC This repository holds the neces...
UBUNTU-CVE-2016-6613
An issue was discovered in phpMyAdmin. A user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to...
CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate
Document Title: =============== CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2014 Video: https://www.youtube.com/watch?v=81Qam91pRoE Credits:...
UBUNTU-CVE-2016-7417
ext/spl/splarray.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data...
UBUNTU-CVE-2016-7175
epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted packet...
UBUNTU-CVE-2016-4245
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-4172,...