Lucene search

2058 matches found

Exploit DB
added 2015/09/09 12:0 a.m., 63 views

PHP 5.4/5.5/5.6 - SplDoublyLinkedList 'Unserialize()' Use-After-Free

Yet Another Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object's deserialization and crafted object's wakeup magic method tha...

7.4 AI score
Exploits: 0
Cisco
added 2015/09/01 1:35 p.m., 28 views

Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability

A vulnerability in a local file script in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with elevated privilege. The vulnerability is due to insufficient protection of a...

6.6 CVSS, 7.2 AI score, 0.00204 EPSS
Exploits: 0, References: 1
Exploit DB
added 2015/08/26 12:0 a.m., 290 views

Magento eCommerce - Remote Code Execution

Exploit Title : Magento Shoplift exploit SUPEE-5344 Author : Manish Kishan Tanwar AKA error1046 Date : 25/08/2015 Love to : zero cool, Team indishell, Mannu, Viki, Hardeep Singh, Jagriti, Kishan Singh and ritu rathi Debugged At : Indishell Lab originally developed by joren //////////////////////// ///...

7.4 AI score
Exploits: 0
Cisco
added 2015/08/24 9:23 p.m., 32 views

Cisco Prime Infrastructure Web Interface Cross-Site Request Forgery Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this...

4.3 CVSS, 6.7 AI score, 0.00107 EPSS
Exploits: 0, References: 1
securityvulns
added 2015/08/24 12:0 a.m., 29 views

Multiple XSS vulnerabilities in FortiSandbox WebUI

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt Vendor: ================================ www.fortinet.com PSIRT ID: 1418018 Product: ================================== FortiSandbox 3000D v2.02...

6.4 AI score
Exploits: 0
securityvulns
added 2015/08/24 12:0 a.m., 36 views

PHPfileNavigator v2.3.3 CSRF Add Arbitrary Users

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812a.txt Vendor: ================================ pfn.sourceforge.net Product: =================================== PHPfileNavigator v2.3.3 pfn Is...

7.1 AI score
Exploits: 0
exploitpack
added 2015/08/19 12:0 a.m., 14 views

Flash Boundless Tunes - Universal SOP Bypass Through ActionScript's Sound Object

Flash Boundless Tunes - Universal SOP Bypass Through ActionScript's Sound Object Source: https://code.google.com/p/google-security-research/issues/detail?id=354&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id 90-day deadline tracking for...

0.1 AI score
Exploits: 0
Cisco
added 2015/08/18 10:10 p.m., 19 views

Cisco TelePresence Video Communication Server Expressway Arbitrary File Injection Vulnerability

A vulnerability in the command-line interface (CLI) of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, local attacker to inject arbitrary arguments to a script on an affected system. The vulnerability is due to insufficient input validation of content ...

6.8 CVSS, 6.5 AI score, 0.00122 EPSS
Exploits: 0, References: 1
Cisco
added 2015/08/18 8:55 p.m., 17 views

Multiple Cisco Finesse Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in Cisco Finesse could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerabilities are due to improper input validation of certain parameters passed via HTTP GET or POST methods to an affected device. An unauthenticated, remo...

4.3 CVSS, 6.2 AI score, 0.00469 EPSS
Exploits: 0, References: 1
Cisco
added 2015/08/18 8:26 p.m., 22 views

Cisco Unified Interaction Manager Cross-Site Scripting Vulnerability

A vulnerability in the web chat interface of Cisco Unified Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the chat on the affected system. The vulnerability is due to insufficient input validation of user-supplied...

4.3 CVSS, 5.7 AI score, 0.00453 EPSS
Exploits: 0, References: 1
Cisco
added 2015/08/18 5:19 p.m., 22 views

Cisco TelePresence Video Communication Server Expressway Command Execution Vulnerability

A vulnerability in the web framework of the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to execute commands on the underlying operating system. The vulnerability is due to improper authorization of read-only users. An attacker could...

4 CVSS, 6.9 AI score, 0.00243 EPSS
Exploits: 0, References: 1
exploitpack
added 2015/08/18 12:0 a.m., 24 views

PHPfileNavigator 2.3.3 - Privilege Escalation

PHPfileNavigator 2.3.3 - Privilege Escalation + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812b.txt Vendor: ========================= pfn.sourceforge.net Product:...

0.5 AI score
Exploits: 0
exploitpack
added 2015/08/18 12:0 a.m., 20 views

PHPfileNavigator 2.3.3 - Cross-Site Request Forgery

PHPfileNavigator 2.3.3 - Cross-Site Request Forgery + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812a.txt Vendor: ================================ pfn.sourceforge.net Product:...

0.5 AI score
Exploits: 0
Packet Storm
added 2015/08/16 12:0 a.m., 15 views

XMPlay 3.8.1.12 Proof Of Concept

!/usr/bin/env python Exploit Title: XMPlay .pls Local Crash poc Date: 2015-08-16 Exploit Author: St0rn Twitter: st0rnpentest Vendor Homepage: http://www.un4seen.com/ Software Link: http://www.un4seen.com/download.php?xmplay38 Version: 3.8.1.12 Tested on: Windows 7 Stack Overflowing xmplay, but we...

Exploits: 0
Cisco
added 2015/08/13 9:34 p.m., 25 views

Cisco Unified Interaction Manager Web Interface Authorization Bypass Vulnerability

A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to insufficient validation of user-supplied data against the application authorization contr...

5.5 CVSS, 6.5 AI score, 0.00549 EPSS
Exploits: 0, References: 1
Cisco
added 2015/08/13 9:16 p.m., 31 views

Cisco Unified Interaction Manager Web Interface Security Bypass Vulnerability

A vulnerability in the Cisco Unified Interaction Manager web interface could allow an authenticated, remote attacker to delete default system folders for the messaging queues. The vulnerability is due to insufficient validation of user-supplied data against the application authorization control logi...

4 CVSS, 6.6 AI score, 0.00549 EPSS
Exploits: 0, References: 1
Cisco
added 2015/08/13 8:14 p.m., 22 views

Cisco TelePresence Video Communication Server Expressway Denial of Service Vulnerability

A vulnerability in the Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient handling of malformed GET request messages. An attacker could exploit this...

5 CVSS, 6.1 AI score, 0.00535 EPSS
Exploits: 0, References: 1
Cisco
added 2015/08/13 8:14 p.m., 25 views

Cisco Edge 340 Series Digital Media Player File Disclosure Vulnerability

A vulnerability in the Cisco Edge 340 webGUI configuration export functionality could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability to view sensitive...

6.8 CVSS, 6.4 AI score, 0.0025 EPSS
Exploits: 0, References: 1
Cisco
added 2015/08/12 7:19 p.m., 28 views

Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability

A vulnerability in the System Snapshot of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to view sensitive data. The vulnerability is due to insufficient protection of data at rest. An attacker could exploit this vulnerability by...

4 CVSS, 6.4 AI score, 0.00176 EPSS
Exploits: 0, References: 1
Packet Storm
added 2015/08/12 12:0 a.m., 25 views

PHPfileNavigator 2.3.3 Privilege Escalation

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812b.txt Vendor: ========================= pfn.sourceforge.net Product: ===================================================== PHPfileNavigator v2.3.3 pfn...

0.5 AI score
Exploits: 0