759 matches found
PHP < 5.4.39, 5.5.x < 5.5.23, 5.6.x < 5.6.7 Multiple Vulnerabilities - Linux
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
INURLBR - Advanced Search in Multiple Search Engines
Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. INURLBR scanner was developed by Cleiton Pinheiro, owner and founder of INURL - BRASIL. Tool made in PHP that can...
Adobe Flash Player PCRE Regex Vulnerability
This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error in the PCRE engine, specifically in the handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode. This module requires Metasploit:...
Generic DLL Injection From Shared Resource
This is a general-purpose module for exploiting conditions where a DLL can be loaded from a specified SMB share. This module serves payloads as DLLs over an SMB service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Magento SSL Certificate Validation Security Bypass Vulnerability
Magento is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...
Zend PHP Advanced Local File Inclusion (CVE-2010-2094)
This vulnerability class creates a new method for attackers for exploiting file inclusion vulnerabilities. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the compromised machine...
TCPDUMP ISAKMP Payload Handling DoS (CVE-2004-0183)
Tcpdump parses and displays, and optionally records packets received on a network interface matching a user provided filter. Two vulnerabilities exist in the Tcpdump ISAKMP payload handling module, which can be exploited to cause a DoS Denial of Service by sending packets with specially crafted...
Good For Enterprise Android HTML Injection
https://labs.integrity.pt/articles/good-for-enterprise-android-html-injection-cve-2014-4925/ 1. Vulnerability Properties Title: HTML Injection in Good for Enterprise Android CVE ID: CVE-2014-4925 CVSSv2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Vendor: Good Technology http://www1.good.com/...
MinaliC-Webserver-2.0.0
Exploit Title: MinaliC Webserver buffer overflow Date: 12 Apr 2013 Exploit Author: superkojiman - http://www.techorganic.com Vendor Homepage: http://minalic.sourceforge.net/ Version: MinaliC Webserver 2.0.0 import socket import struct 74 bytes calc.exe from...
Device42 DCIM Appliance Manager 'ping' Command Injection Vulnerability
Device42 DCIM Appliance Manager is prone to a command-injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple IQ Invisions Products Command Injection Vulnerability (Nov 2014)- Active Check
Multiple IQ Invisions products are prone to a command injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Multiple Trendnet TV-IP Cams Command Injection Vulnerability
Multiple Trendnet TV-IP Cams are prone to a command-injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Attackers Exploiting Windows OLE Vulnerability
Attackers are using a zero day vulnerability in nearly all supported versions of Windows in a series of targeted attacks. The flaw is in the OLE technology in Windows and can be used for remote code execution is a targeted user opens a rigged Office file. Microsoft is warning customers that there...
Security Advisory-CSRF Vulnerabilities in Multiple Products
Cross-site request forgery CSRF vulnerabilities are discovered in multiple products, including FusionManager Vulnerability ID: HWPSIRT-2014-0408 and USG firewall series Vulnerability ID: HWPSIRT-2014-0406. Vulnerabilities in the web interface of these devices could allow an unauthenticated, remot...
ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 Error Page Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26073/info NETGEAR ProSafe SSL VPN Concentrator 25-SSL312 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to...
SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow PoC Exploit
No description provided by source. / surethingcdlabelerbofpoc.c SureThing cd labeler m3u/pls - unicode stack overflow PoC exploit Found by: Ruben Alejandro - chap0 Author: Steven Seeley - mrme http://net-ninja.net/ Greetz to: Corelan Security Team...
CommuniGate Pro 5.2.14 Web Mail URI Parsing HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35783/info CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to run HTML and script code in the context ...
Quick Classifieds 1.0 - controlpannel/alterCats.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...