CVE-2019-1193

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

CVE-2019-0975

A security feature bypass vulnerability exists when Active Directory Federation Services ADFS improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security...

CuteNews 2.1.2 - avatar Remote Code Execution (Metasploit)

CuteNews 2.1.2 - avatar Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CuteNews 2.1.2 - 'avatar' Remote Code Execution", 'Description' = %q This module exploit...

Edge no prior knowledge of the exploit-vulnerability warning-the black bar safety net

The background set forth 2007 held so far, in the pwn2own contest, the browser is always the main event. Watch the game at the same time, I believe a lot of friends have been eager to try. But do you remember how many times full of confidence, last and all the time being put on hold? The article...

CVE-2019-10060

The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability...

Code injection

eVisitorPass could allow a local attacker to gain elevated privileges on the system, caused by an error with the Virtual Keyboard Start Menu. By visiting the kiosk and pressing windows key twice, an attacker could exploit this vulnerability to close the program and launch other processes on the...

Broken Access Control in Localization Handling

It has been discovered that backend users having limited access to specific languages are capable of modifying and creating pages in the default language which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability...

Directory Traversal

takeapeek is vulnerable to directory traversal. A remote attacker is able to exploit the vulnerability using the ../ characters to retrieve directory and files which are otherwise not available from the webserver...

CVE-2018-7928

There is a security vulnerability which could lead to Factory Reset Protection FRP bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new on...

CVE-2018-15503

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...

WolfSight CMS 3.2 SQL Injection

Exploit Title: WolfSight CMS 3.2 - SQL Injection Google Dork: N/A Date: 2018-07-10 Exploit Author: Berk Dusunur & Zehra Karabiber Vendor Homepage: http://www.wolfsight.com Software Link: http://www.wolfsight.com Version: v3.2 Tested on: Parrot OS / WinApp Server CVE : N/A PoC Sql Injection...

CVE-2018-12893

An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leadi...

Design/Logic Flaw

An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue e.g., in combination with a successful XSS, or at an unattended workstation to change the admi...

Authorization

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization enforcement on batch processing. An attacker could...

Design/Logic Flaw

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service DoS condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit th...

Ransomware Attack Hits Ukrainian Energy Ministry, Exploiting Drupalgeddon2

The Ukrainian Energy Ministry has been hit by a ransomware attack – and for once it looks like this is the work of amateurs, not nation-state attackers bent on making a geopolitical point. However, the bad actors appear to have made use of the recently patched Drupal vulnerability, pointing out y...

Brave Browser 0.13.0 - long alert() argument Denial of Service

Brave Browser 0.13.0 - long alert argument Denial of Service Exploit Title:Brave Browser...

Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution

Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...

BOCHS 2.6-5 Local Buffer Overflow

Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Program...

Design/Logic Flaw

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is...