Lucene search

6692 matches found

Cvelist
added 2015/02/19 3:0 p.m. · 15 views

CVE-2015-1604

Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/...

7.3 AI score · 0.04371 EPSS
Exploits 1 · References 9

n0where
added 2015/02/13 7:11 p.m. · 15 views

Multi Purpose Bruteforcer: Patator

Multi Purpose Bruteforcer Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors...

0.2 AI score
Exploits 0 · References 1

Tenable Nessus
added 2015/02/10 12:0 a.m. · 29 views

Ubuntu 14.04 LTS : GNU binutils vulnerabilities (USN-2496-1)

"The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2496-1 advisory. Michal Zalewski discovered that the setupgroup function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could u...

7.5 CVSS · 8.5 AI score · 0.07857 EPSS
Exploits 7 · References 10

securityvulns
added 2015/02/02 12:0 a.m. · 93 views

APPLE-SA-2015-01-27-2 iOS 8.1.3

APPLE-SA-2015-01-27-2 iOS 8.1.3 iOS 8.1.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted afc command may allow acce...

10 CVSS · 0.5 AI score · 0.21755 EPSS
Exploits 2

OpenVAS
added 2015/02/02 12:0 a.m. · 25 views

Debian: Security Advisory (DSA-3152-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 8.1 AI score · 0.58381 EPSS
Exploits 0 · References 3

securityvulns
added 2015/02/02 12:0 a.m. · 84 views

APPLE-SA-2015-01-27-1 Apple TV 7.0.3

APPLE-SA-2015-01-27-1 Apple TV 7.0.3 Apple TV 7.0.3 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem...

10 CVSS · 0.2 AI score · 0.21755 EPSS
Exploits 1

The Hacker News
added 2015/01/30 11:42 p.m. · 8 views

Malware Poses as Flash Update Infects 110,000 Facebook Users within 2 Days

Facebook users just Beware!! Don’t click any porn links on Facebook. Foremost reason is that you have thousands of good porn sites out there, but there's an extra good reason right now. Rogue pornography links on the world’s most popular social network have reportedly infected over 110,000 Facebo...

6.6 AI score
Exploits 0

NVD
added 2015/01/27 8:4 p.m. · 12 views

CVE-2015-1371

Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/...

7.5 CVSS · 7.6 AI score · 0.09226 EPSS
Exploits 1 · References 5

Prion
added 2015/01/27 8:4 p.m. · 13 views

Unrestricted file upload

Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in custom/uploads/...

7.5 CVSS · 8.2 AI score · 0.09226 EPSS
Exploits 1 · References 5 · Affected Software 1

Metasploit
added 2015/01/27 10:47 a.m. · 46 views

Windows Run Command As User

This module will login with the specified username/password and execute the supplied command as a hidden process. Output is not returned by default. Unless targeting a local user either set the DOMAIN, or specify a UPN user format e.g. user@domain. This uses the CreateProcessWithLogonW WinAPI...

7.4 AI score
Exploits 0

Prion
added 2015/01/21 3:17 p.m. · 14 views

Unrestricted file upload

Unrestricted file upload vulnerability in EMC M&R aka Watch4Net before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file...

6.5 CVSS · 7.8 AI score · 0.01234 EPSS
Exploits 0 · References 3 · Affected Software 2

exploitpack
added 2015/01/21 12:0 a.m. · 18 views

ArticleFR CMS 3.0.5 - Arbitrary File Upload

ArticleFR CMS 3.0.5 - Arbitrary File Upload Exploit Title: Arbitrary File Upload in articleFR CMS 3.0.5 Google Dork: N/A Date: 01/21/2015 Exploit Author: Tran Dinh Tien [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://freereprintables.com Software Link:...

Exploits 0

Tenable Nessus
added 2015/01/19 12:0 a.m. · 70 views

Oracle Solaris Third-Party Patch Update : php (cve_2013_4248_input_validation)

The remote Solaris system is missing necessary patches to address security updates : - The opensslx509parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of a...

7.5 CVSS · 7.6 AI score · 0.40224 EPSS
Exploits 13 · References 10

NVD
added 2015/01/15 3:59 p.m. · 20 views

CVE-2014-9308

Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart aka WordPress Shopping Cart plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...

6.5 CVSS · 7.1 AI score · 0.82898 EPSS
Exploits 7 · References 6

Prion
added 2015/01/13 10:59 p.m. · 22 views

Directory traversal

Directory traversal vulnerability in the TS WebProxy aka TSWbPrxy component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted...

9.3 CVSS · 7.4 AI score · 0.92094 EPSS
Exploits 5 · References 9 · Affected Software 4

Vulnrichment
added 2015/01/13 10:0 p.m. · 7 views

CVE-2015-0016

Directory traversal vulnerability in the TS WebProxy aka TSWbPrxy component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted...

7.7 AI score · 0.92094 EPSS
Exploits 5 · References 9

Positive Technologies
added 2015/01/13 12:0 a.m. · 2 views

PT-2015-3408 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is related to a directory traversal vulnerability in the TS WebProxy component, which allows remote attackers to gain privileges via a crafted pathname in an...

9.3 CVSS · 6.9 AI score · 0.92094 EPSS
Exploits 5 · References 16

ATTACKERKB
added 2015/01/13 12:0 a.m. · 38 views

CVE-2015-0016

Directory traversal vulnerability in the TS WebProxy aka TSWbPrxy component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted...

9.3 CVSS · 3.9 AI score · 0.92094 EPSS
In wild · Exploits 5 · References 10

Prion
added 2015/01/08 12:59 a.m. · 14 views

Unrestricted file upload

Unrestricted file upload vulnerability in libnonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cfuploadfile2 parameter, then accessing the file via a direct request to the fi...

7.5 CVSS · 8.3 AI score · 0.39353 EPSS
Exploits 0 · References 2 · Affected Software 1

exploitpack
added 2015/01/07 2:0 p.m. · 12 views

Stud_PE-2.6.05

Exploit Title: StudPE v2.6.05 Stack Overflow PoC exploit Date: 03/28/2010 Author: zha0 Software Link: http://www.cgsoftlabs.ro/studpe.html Version: StudPE v2.6.05 peexe= "\x4D\x5A\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xFF\xFF\x00\x00"...

0.3 AI score
Exploits 0