WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. Title: WebKitGTK+ win = window.open"sleeponesecond.php...
Country micro CMS government website system guestbook SQL injection
No description provided by source...
WebKit: heap-buffer-overflow in JSC::SymbolTableEntry::isWatchable (CVE-2017-2469)
I confirmed the PoC crashes the release version of Safari 10.0.312602.4.8. It might need to refresh the page several times. PoC: function x = 0 var a; function arguments function b var g = 1; a5; f; g; ; Asan Log: ==55079==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60c0000c8e88 at...
S8000 rotating machinery online condition monitoring and analysis system weak password
No description provided by source...
CVE-2016-0714
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privilege...
x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version
x86_64 Linux shell_reverse_tcp with Password - Polymorphic Version. Shellcode exploit for lin_x86-64 platform. Title: tcp reverse shell with password polymorphic version 122 bytes...
Fanwe (方维) O2O Commerce System /app/Lib/biz/ajaxModule.class.php SQL Injection Vulnerability
No description provided by source...
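KesionIMall Stored XSS
Brief description: Official demo: http://imall.kesion.com/ Details: Tested on the demo. Register a member account. wooyuntest/123456 Submit an order. Enter the XSS payload in the address field, as shown in the figure. Then go to the member center and view the purchased items. The XSS triggers. Proof of vulnerability:...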
WebEngage 2.0.0 - resize.php height Parameter XSS
The WebEngage Feedback, Survey and Notification WordPress plugin was affected by a resize.php height Parameter XSS security vulnerability...
Machform Form Maker 2 - Multiple Vulnerabilities
No description provided by source...
Wordpress 0.6/0.7 Blog.Header.PHP SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8756/info Wordpress has been reported prone to multiple SQL injection vulnerabilities. The issues have been reported to exist in the blog.header.php script. A lack of sufficient sanitization performed on 'cat' and 'orderb...
Immunity Canvas: IE_EXECCOMMAND
Name| ieexecCommand ---|--- CVE| CVE-2012-4969 Exploit Pack| CANVAS Description| ieexecCommand Notes| CVE Name: CVE-2012-4969 VENDOR: Microsoft Notes: VersionsAffected: Repeatability: Infinite References: 'http://technet.microsoft.com/en-us/security/advisory/2757760' Date public: 09/17/2012 MSADV...
SoftXMLCMS Shell Upload
Exploit Title : softxmlcms Shell Upload Vulnerability Google Dork : Powered by softxmlcms Date : 2011-04-15 Author : Alexander Software Link : http://www.softxml.com Test On : Windows/asp/php CVE : Web Applications === Exploit === http://server/patch/XMLEditor2.0/uploadfile1.asp Select the Choose...
Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow
$Id: apple_quicktime_smil_debug.rb 10011 2010-08-13 23:11:23Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Cpanel v11.25 CSRF Add Administrator Account Exploit
Cpanel v11.25 CSRF add admin account vulnerability. Exploit: html body onload="javascript:fireForms" form method="POST" name="form0" action=" http://server:2082/frontend/x3/ftp/doaddftp.html" input type="hidden" name="login" value="name"/ input type="hidden" name="password" value="pass"/ input...
osCSS 1.2.1 Backup Disclosure
Title : osCSS 1.2.1 Backups Vulnerability | Author : indoushka | email : [email protected] | Home : www.sec-war.com | Web Site :...
Xerox Workcenter 4150 - Remote Buffer Overflow (PoC)
Xerox Workcenter 4150 - Remote Buffer Overflow PoC Application: Xerox Workcenter 4150 Remote Buffer Overflow Platforms: Xerox Workcenter 4150 Discover Date: 2009-12-21 Author: Francis Provencher Protek Research Lab's Blog: http://www.Protekresearchlab.com 1 Introduction 2 Report Timeline 3...
DESlock+ 4.0.2 - dlpcrypt.sys Local Kernel Ring0 Code Execution
DESlock+ 4.0.2 - dlpcrypt.sys Local Kernel Ring0 Code Execution / deslock-dlpcrypt.c Copyright c 2009 by DESlock+ 4.0.2 local kernel SYSTEM exploit by mu-b - Thu 18 Jun 2009 - Tested on: dlpcrypt.sys 0.1.1.27 .text:0001BB2E: 'what do ya want for nothing?' - hmmm, something that doesn't pass kerne...
PowerCHM 5.7 (hhp) Local Buffer Overflow Exploit
Exploit for unknown platform in category local exploits. PowerCHM 5.7 hhp Local Buffer Overflow Exploit. #!/usr/bin/perl Title: PowerCHM 5.7 hhp Local Buffer Overflow Exploit Summary: With PowerCHM you...
FLDS 1.2a report.php (linkida) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. FLDS 1.2a report.php linkida Remote SQL Injection Exploit. #!/usr/bin/perl -w Free Links Directory Script V1.2a Remote SQ...