226 matches found
exp-oncology.com.ua Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1089433 Security Researcher DakkarKey Helped patch 407 vulnerabilities Received 6 Coordinated Disclosure badges Received 14 recommendations , a holder of 6 badges for responsible and coordinated disclosure, found a security vulnerability affecting exp-oncology.com.ua websi...
BSA-2020-893
Security Advisory ID : BSA-2020-893 Component : OpenSSL Revision : 2.0: Final There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...
DEBIAN-CVE-2019-1551
There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...
CVE-2019-15846: the exim remote access to root privileges vulnerability alerts-a vulnerability alert-the black bar safety net
GMT 2019 9 November 6 December 18: 00 PM, the exim release exim-4.92.2 version fixes CVE-2019-15846, an attacker can use this vulnerability to remotely obtain root privileges. Vulnerabilities from qualys to find and report. 360CERT determine the vulnerability to hazards and the impact is large...
How to build your own PoC framework Pocsuite3 using the article-the vulnerability warning-the black bar safety net
Compared to boring the usage of the description, the more I want to say about Pocsuite3 why will have these features as well as how to achieve. If you also want to build a similar tool, Pocsuite3 some of the thoughts may be able to help you. This article is also recorded Pocsuite3 development...
apr: Out-of-bounds array deref in apr_time_exp*() functions
An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak...
Joomla EXP Auto 4.2.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla EXP Auto 4.2.3 - SQL Injection Credit: Bilal KARDADOU Vendor: http://www.feellove.eu/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/exp-auto/ Product: 'Joomla EXP Auto 4.2.3' Developer: Grusha...
Joomla EXP Auto 4.2.3 SQL Injection
Title: Joomla EXP Auto 4.2.3 - SQL Injection Credit: Bilal KARDADOU Vendor: http://www.feellove.eu/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/exp-auto/ Product: 'Joomla EXP Auto 4.2.3' Developer: Grusha Extension type: Plugin Last updated: Aug 10 2017...
Oracle WebLogic Server 10.3.6.0.0 12.x - Remote Command Execution
Oracle WebLogic Server 10.3.6.0.0 12.x - Remote Command Execution import requests import sys urlin = sys.argv1 payloadurl = urlin + "/wls-wsat/CoordinatorPortType" payloadheader = 'content-type': 'text/xml' def payloadcommand commandin: htmlescapetable = "&": "&", '"': """, "'": "'", "": "",...
Oracle WebLogic Server 10.3.6.0.0 / 12.x - Remote Command Execution
import requests import sys urlin = sys.argv1 payloadurl = urlin + "/wls-wsat/CoordinatorPortType" payloadheader = 'content-type': 'text/xml' def payloadcommand commandin: htmlescapetable = "&": "&", '"': """, "'": "'", "": "", ""+"".joinhtmlescapetable.getc, c for c in commandin+"" payload1 = " \...
apr: Out-of-bounds array deref in apr_time_exp*() functions
An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak...
CVE-2017-3109
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet...
apr: Out-of-bounds array deref in apr_time_exp*() functions
An out-of-bounds array dereference was found in aprtimeexpget. An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak...
CVE-2017-7441
In Sophos SurfRight HitmanPro before 3.7.20 Build 286 included in the HitmanPro.Alert solution and Sophos Clean, a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical informatio...
Privilege escalation
Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability...
unsorted bin attack analysis-vulnerability warning-the black bar safety net
One, Foreword This is before that article overflow using the FILE structure of the follow-up article, mentioned earlier is for the Shanghai network security contest pwn450 of technology to write articles, a total of two techniques, one is the overflow using the FILE structure of the body, one is...
pcre: buffer overflow for forward reference within backward assertion with excess closing parenthesis (8.38/18)
PCRE before 8.38 mishandles the /?=di?=?1|?=./ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service buffer overflow or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript...
OIC Exponent CMS SQL Injection Vulnerability
OIC Exponent CMS is a free, open source modular content management system CMS based on PHP from the American OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. A SQL injection vulnerability...
kill. exe overflow vulnerability analysis and EXP discussion-vulnerability warning-the black bar safety net
1. Foreword A few days ago, the author at exploit-db and found a kill. exe overflow vulnerability, in many of the UAF vulnerability, this simple overflow vulnerability simply as a unit of springs in General, then be picked out, deeply looked. The original plan to write a full available EXP, but...
CVE-2016-4169
Adobe Experience Manager 6.0–6.2 contains an information-disclosure vulnerability (CVE-2016-4169) that allows unprivileged users to access sensitive audit log event information via unspecified vectors. The issue affects AEM 6.0, 6.1, and 6.2 and is documented in multiple sources including the thr...