Lucene search
366 matches found

RedhatCVE
added 2016/12/15 8:23 p.m. | 41 views

CVE-2016-6136

When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem to create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands...

CVSS 5.3 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 1

Check Point Advisories
added 2016/11/08 12:0 a.m. | 2 views

Microsoft Windows CLFS Driver Elevation of Privilege (MS16-134: CVE-2016-3342)

An elevation of privilege vulnerability exists in the Windows Common Log File System Driver. The vulnerability is caused when the Windows Common Log File System Driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted exe file...

CVSS 9.3 | AI score 7.4 | EPSS 0.05548
Exploits: 0

WPVulnDB
added 2016/07/18 12:0 a.m. | 18 views

Dwnldr 1.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

User agent strings are logged when requesting downloads that are processed by dwnldr and displayed back to the admin with no encoding, allowing for scripts to be stored and executed. PoC curl -A "User-Agent: " -O http:///?attachmentid=...

CVSS 4.3 | EPSS 0.0019
Exploits: 2 | References: 1 | Affected Software: 1

Kitploit
added 2016/02/19 9:30 p.m. | 19 views

Foolav - Pentest Tool For Antivirus Evasion and Running Arbitrary Payload on Target Wintel Host

Executable compiled with this code is useful during penetration tests where there is a need to execute some payload (meterpreter maybe?) while being certain that it will not be detected by antivirus software. The only requirement is to be able to upload two files: binary executable and payload file...

AI score 7.5
Exploits: 0 | References: 1

Openbugbounty
added 2015/07/16 9:25 a.m. | 10 views

orovillemr.com XSS vulnerability

Open Bug Bounty ID: OBB-73180

Description| Value
---|---
Affected Website:| orovillemr.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

AI score 6.3
Exploits: 0

Packet Storm
added 2015/03/20 12:0 a.m. | 31 views

EMC Secure Remote Services Virtual Edition Command Injection

Command injection vulnerability in EMC Secure Remote Services Virtual Edition
Han Sahin, November 2014...

CVSS 7.5 | AI score 0.6 | EPSS 0.01832
Exploits: 2

Prion
added 2015/02/01 2:59 a.m. | 11 views

Design/Logic Flaw

Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file...

CVSS 6.8 | AI score 7 | EPSS 0.00059
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2015/02/01 2:0 a.m. | 14 views

CVE-2015-0926

Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file...

AI score 6.5 | EPSS 0.00059
Exploits: 0 | References: 1

CVE
added 2015/02/01 2:0 a.m. | 47 views

CVE-2015-0926

LabTech (LabTech Software) on Linux prior to version 100.237 exposes world-writable permissions on root-executed startup scripts. This allows a local authenticated user to gain privileges by modifying the script file. CVE-2015-0926 is supported by multiple sources (NVD entry and CERT/CVE referenc...

CVSS 6.8 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 1 | Affected Software: 1

Packet Storm
added 2015/01/07 12:0 a.m. | 49 views

Microsoft Dynamics CRM 2013 SP1 Cross Site Scripting

Advisory ID: HTB23245
Product: Microsoft Dynamics CRM 2013 SP1
Vendor: Microsoft Corporation
Vulnerable Versions: 6.1.1.132 DB 6.1.1.132 and probably prior
Tested Version: 6.1.1.132 DB 6.1.1.132
Advisory Publication: December 29, 2014 without technical details
Vendor Notification: December 29, 20...

AI score 7
Exploits: 0

Japan Vulnerability Notes
added 2014/12/09 12:0 a.m. | 25 views

JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution

i-HTTPD is a web server for Windows, implementing Server Side Includes (SSI). i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files (CWE-97). Impact: An arbitrary command may be execute...

CVSS 7.5 | AI score 6.8 | EPSS 0.00881
Exploits: 0

Fedora
added 2014/12/06 10:55 a.m. | 11 views

[SECURITY] Fedora 21 Update: jenkins-external-monitor-job-plugin-1.4-1.fc21

This package provides Jenkins plugin which adds the ability to monitor the result of externally executed jobs...

AI score 2.9
Exploits: 0

FreeBSD
added 2014/10/21 12:0 a.m. | 24 views

phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page.

The phpMyAdmin development team reports: With a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries. This vulnerability can be triggered only by someone who is logged in to...

CVSS 3.5 | AI score 6.3 | EPSS 0.00269
Exploits: 1 | References: 1

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/9751/info Serv-U FTP Server has been reported prone to a remote stack based buffer overflow vulnerability when handling time zone arguments passed to the MDTM FTP command. The problem exists due to insufficient bounds...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Complete PHP Counter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15112/info Complete PHP Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Utopia News Pro 1.1.3 footer.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/15027/info Utopia News Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Beatport Player 1.0.0.283 - (.M3U File) Local Stack Overflow Exploit (3)

No description provided by source. !/usr/bin/perl Beatport Player 1.0.0.283 .M3U File Stack Core Overflow ExploitSEH Work Only in WIN SP2 FR Credit to SirGod The Discover Stack The exploiter Whalna rire m3a lprogram mati khdeme hta ti chiyeb lpc :d After exec the exploit wait some sec for see the...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

SiteBeater News 4.0 Archive.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15697/info SiteBeater News is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrar...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Upclient 5.0 b7 Command Line Argument Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7703/info upclient has been reported prone to a buffer overflow vulnerability when handling command line arguments of excessive length. It is possible for a local attacker to seize control of the vulnerable application an...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 18 views

Microsoft Windows XP/2000/NT 4 HTML Converter HR Align Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8016/info Microsoft Windows platforms are prone to a boundary condition error in the HTML converter. If the 'Align' attribute of the 'HR' tag is given an excessively large value, an internal buffer will be overrun. This...

AI score 7.1
Exploits: 0