8747 matches found
iBilling 3.7.0 Cross Site Scripting
Cross Site Scripting Stored: http://localhost/ibilling/index.php Parameters: msg, desc, account, phone, company, address, city, state, zip, tags, description, ref POST...
Python Exploit Development GDB Assistance: Peda
Python Exploit Development GDB Assistance. PEDA is a Python GDB script with many handy commands to help speed up the exploit development process on Linux/Unix. It is also a framework for writing custom interactive Python GDB commands. PEDA v1.1 Released. Requirements: PEDA 1.0 only supports Linux GDB...
Adobe DNG Software Development Kit Memory Corruption Vulnerability
Adobe DNG Software Development Kit (SDK) is a set of software development tools from the U.S. company Adobe for reading and writing DNG files as well as converting DNG data formats. A security vulnerability exists in Adobe DNG SDK 1.4 (2012 release) and earlier versions for Windo...
SQL Injection Vulnerability in the LoginName Parameter of the Collaboration Office System of Shanghai CITIC Information Development Co.
The CITIC Shanghai Information Development Co., Ltd. collaborative office system is a set of online office automation software. A SQL injection vulnerability exists in the loginName parameter of the CITIC Information Development Co., Ltd. collaborative office system, which can be exploited by an...
Armadito Antimalware - Backdoor AccessBypass
Armadito Antimalware - Backdoor AccessBypass / Exploit Title : Armadito antimalware - Backdoor/Bypass Date : 07-06-2016 DD-MM-YYYY Exploit Author : Ax. Vendor Homepage : http://www.teclib-edition.com/teclib-products/armadito-antivirus/ Software Link : https://github.com/41434944/armadito-av Versi...
Updated CryptXXX Ransomware Big Money Potential
CryptXXX ransomware has received a major overhaul by its authors, putting it on the fast track to unseat Locky as top moneymaker for criminals. Researchers at Proofpoint said that on May 26, cybercriminals released an updated CryptXXX 3.100 version of the ransomware that includes a new StillerX...
[SECURITY] Fedora 23 Update: mingw-openssl-1.0.2h-1.fc23
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...
transfer.sh - Easy and Fast File Sharing from the Command-line
Easy and fast file sharing from the command-line. This code contains the server with everything you need to create your own instance. Transfer.sh currently supports the s3 (Amazon S3) provider and the local file system (local). Usage Upload: $ curl --upload-file ./hello.txt https://transfer.sh/hello.txt...
collegedevelopmentnetwork.ac.uk XSS vulnerability
Vulnerable URL: http://www.collegedevelopmentnetwork.ac.uk/wp-includes/js/mediaelement/flashmediaelement.swf?jsinitfunctio%gn=alertOPENBUGBOUNTY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
[SECURITY] Fedora 24 Update: mingw-openssl-1.0.2h-1.fc24
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows MinGW libraries and development tools...
CJExploiter - Drag and Drop ClickJacking Exploit Development Assistance Tool
CJExploiter is a drag-and-drop ClickJacking exploit development assistance tool. First open "index.html" locally in your browser, enter the target URL and click "View Site". You can dynamically create your own inputs. Finally, by clicking "Exploit It" you can see the PoC. Summary...
NRSS Reader 0.3.9 - Local Stack Overflow
NRSS Reader 0.3.9 - Local Stack Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: NRSS RSS Reader Version: 0.3.9-1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program...
[SECURITY] Fedora 23 Update: subversion-1.9.4-1.fc23
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
Critical: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Yeeditor, abandonware
Yeeditor from Yeedeen development is apparently abandoned, and the developer's site is infected with malware. All versions prior to 1.0.7 contain a file upload vulnerability...
RedHat Update for java-1.8.0-openjdk RHSA-2016:0514-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for java-1.7.0-openjdk RHSA-2016:0511-01
The remote host is missing an update for the...
IBM Java SDK Arbitrary Code Execution Vulnerability
IBM Java SDK is a Java software development kit from the U.S. company IBM for AIX and Linux platforms. An arbitrary code execution vulnerability exists in the IBM Java SDK. A remote attacker can exploit this vulnerability to execute arbitrary code and elevate privileges by modifying or...
JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController...
JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment...