8749 matches found

rapid7community
added 2017/06/09 2:4 p.m., 23 views

Collaborative Storytelling at Rapid7

Great ideas can come from anywhere! At Rapid7, we design and develop wonderful products (we hope you think so too!). Everything here starts with stories. Storytelling matters: The ability to tell a compelling story is the defining quality of human nature. Storytelling is just as important in busine...

AI score 6.7
Exploits: 0
Japan Vulnerability Notes
added 2017/06/08 6:31 a.m., 1 view

The installer of SemiDynaEXE provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries

Overview: The installer of SemiDynaEXE (SemiDynaEXE2008.EXE) provided by Geospatial Information Authority of Japan (GSI) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

CVSS 9.3, AI score 7.2, EPSS 0.01059
Exploits: 0, References: 5
BDU FSTEC
added 2017/06/05 12:0 a.m., 6 views

The vulnerability of Qualcomm’s TrustZone microprogramming software technology allows an intruder to trigger a service failure or exert other effects on the system.

The vulnerability of Qualcomm’s TrustZone microprogramming software’s Android Secure Execution Environment from the CAF repository is due to a numerical overflow. Exploiting this vulnerability could allow an attacker to cause a system failure or otherwise affect the system...

CVSS 9.3, AI score 7.3, EPSS 0.00606
Exploits: 0, References: 3
Node.js
added 2017/05/30 10:31 p.m., 59 views

Directory Traversal

Overview Affected versions of serverliujiayi1 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

CVSS 5, AI score 4.6, EPSS 0.02005
Exploits: 1, Affected Software: 1
Node.js
added 2017/05/30 10:31 p.m., 153 views

Directory Traversal

Overview Affected versions of serverlyr resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5, AI score 4.4, EPSS 0.02005
Exploits: 1, Affected Software: 1
Node.js
added 2017/05/30 10:31 p.m., 124 views

Directory Traversal

Overview serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. Example request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 host:foo and response: HTTP/1.1 200 OK Date: Wed, 17 M...

CVSS 5, AI score 3.7, EPSS 0.02005
Exploits: 1, Affected Software: 1
Node.js
added 2017/05/26 9:45 p.m., 63 views

Directory Traversal

Overview Affected versions of serveryaozeyan resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...

CVSS 5, AI score 4.3, EPSS 0.02005
Exploits: 1, Affected Software: 1
0day.today
added 2017/05/26 12:0 a.m., 59 views

JAD java Decompiler 1.5.8e - Local Buffer Overflow Exploit

Exploit for linux platform in category local exploits. #!/usr/bin/python. Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com. Developed using Exploit Pack - http://exploitpack.com. Tested on: GNU/Linux - Kali 2017.1 Release. Description: JAD Java Decompiler 1.5.8e-1kali1 and prior is pro...

AI score 6.8
Exploits: 0
Fedora
added 2017/05/24 5:2 a.m., 23 views

[SECURITY] Fedora 25 Update: FlightGear-2016.3.1-4.fc25

The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...

CVSS 7.5, AI score 2.6, EPSS 0.0142
Exploits: 0
Fedora
added 2017/05/24 4:56 a.m., 42 views

[SECURITY] Fedora 24 Update: FlightGear-2016.1.2-6.fc24

The Flight Gear project is working to create a sophisticated flight simulator framework for the development and pursuit of interesting flight simulator ideas. We are developing a solid basic sim that can be expanded and improved upon by anyone interested in contributing...

CVSS 7.5, AI score 2.6, EPSS 0.0142
Exploits: 0
UbuntuCve
added 2017/05/21 6:29 p.m., 37 views

CVE-2017-9111

In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code...

CVSS 8.8, AI score 7.2, EPSS 0.03166
Exploits: 0, References: 4
UbuntuCve
added 2017/05/21 6:29 p.m., 27 views

CVE-2017-9113

In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code...

CVSS 8.8, AI score 7, EPSS 0.03143
Exploits: 0, References: 4
Node.js
added 2017/05/19 10:45 p.m., 25 views

Directory Traversal

Overview Affected versions of badjs-sourcemap-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the...

CVSS 5, AI score 4.6, EPSS 0.02005
Exploits: 1, Affected Software: 1
Japan Vulnerability Notes
added 2017/05/19 5:55 a.m., 3 views

Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Overview: Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability. Note that this vulnerability is different from JVN85512750. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported...

CVSS 6.1, AI score 6.2, EPSS 0.01195
Exploits: 0, References: 5
Japan Vulnerability Notes
added 2017/05/19 5:53 a.m., 2 views

Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Overview: Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79). Note that this vulnerability is different from JVN11326581. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. report...

CVSS 5.4, AI score 6.1, EPSS 0.00891
Exploits: 0, References: 5
Node.js
added 2017/05/16 10:45 p.m., 58 views

Directory Traversal

Overview Affected versions of iter-http resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5, AI score 4.6, EPSS 0.02005
Exploits: 1, Affected Software: 1
Kitploit
added 2017/05/14 3:30 p.m., 64 views

Pwntools - CTF Framework And Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. from pwn import * context(arch = 'i386', os = 'linux') r = remote('exploitme.example.com', 31337) # EXPLOIT COD...

AI score 7.2
Exploits: 0, References: 2
The Hacker News
added 2017/05/12 12:17 a.m., 12 views

Learn How to Code: Get 10 Best Online Training Courses for Just $49

Struggling to learn how to code? If you’re looking to 'learn how to code' and seeking a career as an expert-level programmer, you should know how to play with codes and make your own. It's no secret that mastering a coding language or two can put you at the top of the job market – thanks to the...

AI score 7.1
Exploits: 0
RedHat Linux
added 2017/05/10 12:44 p.m., 4 views

JDK: XML External Entity Injection (XXE) error when processing XML data

IBM SDK, Java Technology Edition is vulnerable to XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...

CVSS 8.2, AI score 7.4, EPSS 0.03632
Exploits: 0, References: 4
Check Point Advisories
added 2017/05/10 12:0 a.m., 4 views

Apple Safari WebKit JSString Use After Free Code Execution (CVE-2017-2491)

Safari is a web browsing application developed by Apple. Safari browsing functionality is built around the set of components called WebKit. WebKit is a development toolkit which allows third party developers to build applications that use Internet technologies such as HTML, HTTP, and others. A...

CVSS 6.8, AI score 8, EPSS 0.08038
Exploits: 4