XSS vulnerability in code example

SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There...

DEBIAN-CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

UBUNTU-CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

Network OSINT Gathering Tool: XRay

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It’ll bruteforce subdomains using a wordlist and DNS requests. 2. For every...

Lepide Auditor Suite - createdb() Web Console Database Injection Remote Code Execution Exploit

Exploit for php platform in category remote exploits !/usr/bin/python """ Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Vendor: http://www.lepide.com/ File: lepideauditorsuite.zip SHA1: 3c003200408add04308c04e3e0ae03b7774e4120 Download:...

CVE-2017-10788

CVE-2017-10788 affects the DBD::mysql Perl module (up to at least 4.043). A remote attacker can trigger a use-after-free condition or cause an application crash by exploiting certain error responses from MySQL or a lost network connection. The use-after-free defect was introduced by incorrect Ora...

WMI Command Shell Wrapper: WMIcmd

WMI Command Shell Wrapper When doing low impact investigations and other similar activities you may want to minimize what is written to disk / obvious. This tool allows us to execute commands via WMI and get information not otherwise available via this channel. Purpose A small utility which only...

durell.co.uk XSS vulnerability

Vulnerable URL: http://durell.co.uk/programservices/onlinesystemmanual/files/page-viewer.asp?pagetitle=Spreadsheet,%20Example%20to%20List%20Fees%20Financial%20Adviser=1288%22--!%3E%3CSvg/Onload=confirmOPENBUGBOUNTY%3E%22=files/Spreadsheet,%20Example%20to%20List%20Fees%20Financial%20Adviser.htm...

Pwntools - CTF Framework And Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. from pwn import contextarch = 'i386', os = 'linux' r = remote'exploitme.example.com', 31337 EXPLOIT COD...

example: Heap-buffer-overflow in DoStuff

Detailed report: https://oss-fuzz.com/testcase?key=6201271579049984 Project: example Fuzzer: libFuzzerexampledostufffuzzer Fuzz target binary: dostufffuzzer Job Type: libfuzzerasanexample Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x60a000000314 Crash State: DoStuff...

Cloudera HUE Session cookies stored in the database

User session cookies are stored in the database. Combined with the vulnerability related to configuration file which is world readable, it is possible to spoof a user across the entire cluster launching jobs and browsing the datalake, without having to crack password hashes. Cookies are stored in...

Ad-LDAP-Enum - Active Directory LDAP Enumerator

ad-ldap-enum is a Python script that was developed to discover users and their group memberships from Active Directory. In large Active Directory environments, tools such as NBTEnum were not performing fast enough. By executing LDAP queries against a domain controller, ad-ldap-enum is able to...

HackerOne: IE 11 Self-XSS on Jira Integration Preview Base Link

I wasn't sure if you would accept this report due to it being Self-XSS, but I figured it might be useful information because it breaks one of the flows used to validate URLs. Steps ==================== 1. Launch IE 11 2. Log into a HackerOne account that has admin on a program. 3. Go to the...

PHP B2B Script 3.05 - SQL Injection

Exploit Title: PHP B2B Script v3.05 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/php-b2b-script/ Demo: http://readymadeb2bscript.com/product/basic/ Version: 3.05 Tested on: Win7 x64, Kali Linux x...

WordPress Contact Form Manager CSRF / XSS

------------------------------------------------------------------------ Cross-Site Request Forgery & Cross-Site Scripting in Contact Form Manager WordPress Plugin ------------------------------------------------------------------------ Edwin Molenaar, July 2016...

DEBIAN-CVE-2017-5491

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name...

UBUNTU-CVE-2017-5491

wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name...

Inout Celebrities 1.0 Script - Improper Access Restrictions Vulnerability

Exploit for php platform in category web applications Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout Celebrities Script Script Version: v1.0 Script Buy Now: http://www.inoutscripts.com/demo/inout-celebrities/demo/ Author: İhsan...

Inout Search Engine Ultimate Edition 7.0/8.0 Script - Improper Access Restrictions Vulnerability

Exploit for php platform in category web applications Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout Search Engine Ultimate Edition Script Script Version: v7.0, v8.0 Script Buy Now:...

Win CE Schannel cert wildcard matches too much

curl's TLS server certificate checks are flawed on Windows CE. This vulnerability occurs in the verify certificate function when comparing a wildcard certificate name as returned by the Windows API function CertGetNameString to the hostname used to make the connection to the server. The...