CVE-2015-9107
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn’t use a per-system key or even a salt; therefore, it’s possible to create a universal decryptor. Recent assessments: thegu...
Shopify: XSS on "widgets.shopifyapps.com" via "stripping" attribute and "shop" parameter
Description Shopify allows developers to embed widgets containing product info on third-party websites via "widgets.shopifyapps.com". When the widget is rendered, the shop attribute is not filtered, allowing any website, not just Shopify shops, to be specified. By providing an attacker controlled...
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its page 4. Go to the "Comments" tab 5. Click the add new comment...
INFOR EAM 11.0 Build 201410 - 'filtervalue' SQL Injection
SQL injection in INFOR EAM V11.0 Build 201410 search fields web/base/.. via filtervalue parameter ------------------- Assigned CVE: CVE-2017-7952 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to any page with a search or filter field in it for example...
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on...
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields Vulnerability
Exploit for multiple platforms in category web applications Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its...
INFOR EAM 11.0 Build 201410 - filtervalue SQL Injection Vulnerability
Exploit for multiple platforms in category web applications SQL injection in INFOR EAM V11.0 Build 201410 search fields web/base/.. via filtervalue parameter ------------------- Assigned CVE: CVE-2017-7952 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to any page wi...
INFOR EAM 11.0 Build 201410 SQL Injection
SQL injection in INFOR EAM V11.0 Build 201410 search fields web/base/.. via filtervalue parameter ------------------- Assigned CVE: CVE-2017-7952 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to any page with a search or filter field in it for example...
F5 Networks BIG-IP : Linux kernel vulnerability (K20022580)
Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. CVE-2013-7446 © Tenable Network Security, Inc. The descriptive text and package checks ...
BSA-2017-237
Security Advisory ID : BSA-2017-237 Component : Stack Buffer Overflow Issue in BSD libc Revision : 1.0: Interim The BSD libc library's link_ntoa function may be vulnerable to a classic buffer overflow. It is currently unclear if this issue is exploitable. Affected Products Brocade is investigating it...
CVE-2017-3881: Cisco Catalyst switches remote code execution vulnerability analysis (vulnerability warning, Black Bar Safety Net)
Is telnet enabled on your Catalyst switches? If so, be careful. This article introduces the reader to a proof-of-concept remote code execution attack technique against a Catalyst 2960 switch running the latest firmware. Specific exploit...
Microsoft Outlook - HTML Email Denial of Service
Source: https://justhaifei1.blogspot.ca/2017/03/an-interesting-outlook-bug.html When you send this email to someone, Outlook will crash as soon as he/she reads it. MSRC told me that they think it's a non-exploitable bug and it seems that they are not going to fix it in the near future, I'm...
Network Reconnaissance & Vulnerability Assessment Tool: ReconScan
Network Reconnaissance & Vulnerability Assessment Tool The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from the perspective of exploitability. In terms...
shopify-scripts: Double free of filename after codegen error
The following program causes a double free of irep->filename after a codegen error is triggered. I've poked at it a bit and it doesn't seem exploitable because the second free happens near the end of the program and there don't appear to be any overflows or useful heap control available. However, I...
F5 Networks BIG-IP : libxml2 vulnerability (K14338030)
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. CVE-2016-1762 File data f5bigipSOL14338030.nasl...
F5 Networks BIG-IP : PHP vulnerability (K42065024)
DISPUTED Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says 'Not sure if...
Microsoft Internet Explorer 9 - MSHTML CElement::HasFlag Memory Corruption
// First tag can be any inline but must NOT be closed yet // Second tag can be anything that's not inline. // "text1" can be anything document.write('text1'); // The tree is in good shape. show("DOM Tree after first write", getElementTree(document.body)); // At this point, it appears that MSIE is sti...
Microsoft Internet Explorer 9 - MSHTML CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (2)
<!-- Source: http://blog.skylined.nl/20161208001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Internet Explorer 9. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability. Known...
Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread Use-After-Free
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the thirteenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these throu...
OLX: Reflected XSS at m.olx.ph
INTRO The m.olx.ph domain is vulnerable to reflected XSS through the search function. EXPLOITABILITY & PoC The following URL contains an XSS vector, which causes an alert box to appear https://m.olx.ph/all-results?q=:%27%3E%3Cimg%20src=/%20onerror=alert%28document.domain%29%3E or...
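The PoC URL above works because the value of the q parameter is written back into the page without HTML encoding, so the leading ':'>' closes the attribute it lands in and the rest of the payload becomes a new <img> tag whose onerror handler runs. The following is an added example, not code from the OLX report: it decodes that exact URL with the browser's URL API, reflects the query into a hypothetical single-quoted attribute the unsafe way and then with attribute encoding, and checks whether an injected event handler ended up in the markup. The template strings and the encodeHtml helper are assumptions for illustration; the payload is the one from the report.

```javascript
// Added example (not part of the OLX report). The PoC URL is taken verbatim
// from the advisory; the templates below are hypothetical.
const POC_URL =
  "https://m.olx.ph/all-results?q=:%27%3E%3Cimg%20src=/%20onerror=alert%28document.domain%29%3E";

// URLSearchParams.get() percent-decodes the value, which is what the server
// side would see: :'><img src=/ onerror=alert(document.domain)>
function queryFromUrl(urlString) {
  return new URL(urlString).searchParams.get("q");
}

// Hypothetical vulnerable template: the search term is echoed into a
// single-quoted attribute with no encoding, so a ' followed by > breaks out.
function renderUnsafe(query) {
  return `<input type="search" name="q" value='${query}'>`;
}

// Minimal entity encoder for the characters that can terminate text or
// attribute context. A real application would use its framework's encoder.
function encodeHtml(s) {
  const map = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
    "/": "&#x2F;",
  };
  return String(s).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// Hardened template: same markup, value encoded before insertion.
function renderSafe(query) {
  return `<input type="search" name="q" value='${encodeHtml(query)}'>`;
}

// Crude detector: did an <img ... onerror=...> tag make it into the output?
// Good enough to show the difference between the two renderings above.
function hasInjectedHandler(html) {
  return /<img\b[^>]*\bonerror\s*=/i.test(html);
}

const q = queryFromUrl(POC_URL);
console.log("decoded q:", q);
console.log("unsafe:", renderUnsafe(q), "->", hasInjectedHandler(renderUnsafe(q)));
console.log("safe:  ", renderSafe(q), "->", hasInjectedHandler(renderSafe(q)));
```

Encoding the value for the attribute context is the fix the report implies; a Content-Security-Policy without 'unsafe-inline' would additionally stop the onerror handler from executing even if the encoding were missed.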