Robber - Tool For Finding Executables Prone To DLL Hijacking
Robber is a free, open source tool developed in Delphi XE2 without any third-party dependencies. What is DLL hijacking? Windows has a search path for DLLs in its underlying architecture. If you can figure out which DLLs an executable requests without an absolute path, triggering this search...
Drupal 8.2.x < 8.2.0-rc2 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities: A flaw exists because the program allows users who have rights to edit a node to set the visibility of comments on that node. This may allow an authenticated remote...
CVE-2016-10734
ProjectSend formerly cFTP r582 allows Insecure Direct Object Reference via includes/actions.log.export.php...
BSA-2018-728
Security Advisory ID : BSA-2018-728 Component : Fabric OS CLI : secryptocfg export command Revision : 1.0: Initial A vulnerability in the secryptocfg export command of Brocade Fabric OS could allow a local attacker to bypass the export file access restrictions and initiate a file copy from the...
Slither - Static Analyzer For Solidity
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...
Oracle Siebel CRM 8.1.1 - CSV Injection
Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection Date: 2018-10-21 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link: http://www.oracle.com/us/products/applications/siebel/siebel-crm-8-1-1-066196.html Version: Oracle Siebel CRM Versio...
Cb Integrations: Cb Response Timeliner
Editor's Note: This post originally appeared on StillzTech.com and is being republished with permission from the author. Github: Incident Response is a challenging career. As responders, we must do our best to keep up to date with the latest attack trends, malware and forensic techniques...
Gurp - Golang command-line interface to Burp Suite's REST API
Requirements: BurpSuite Professional v2.0.0beta or greater from PortSwigger. Dependencies: go get -u -v github.com/fatih/color; go get -u -v github.com/integrii/flaggy; go get -u -v github.com/tidwall/gjson; go get -u -v github.com/grokify/html-strip-tags-go. Binaries: Latest version available here...
PT-2018-3878 · D Link · D-Link Dir-823G
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823G devices (affected versions not specified). Description: The issue is a lack of authentication in certain components of the D-Link DIR-823G device's firmware, specifically ExportSettings.sh, upload settings.cgi,...
Security Bulletin: Vulnerabilities in IBM Java runtime affect ClearQuest Eclipse (CVE-2015-0138)
Summary: The "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects the IBM® Runtime Environment Java™ Technology Edition that is used by the ClearQuest Eclipse client. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS...
Qualys Cloud Platform 2.34.1 New Features
This release of the Qualys Cloud Platform version 2.34.1 includes updates and new features for Cloud Agent & AWS EC2 Connector, AssetView, CloudView, and Security Assessment Questionnaire, highlights as follows. Cloud Agent & AWS EC2 Connector Automatic Merge of Cloud Agents running in Amazon Web...
Veeam Service Provider Console – Compile and Upload Management Agent Logs
Challenge: This article covers how to compile and upload Management Agent logs for both client agents and the Cloud Connect agent. Solution: Export Management Agent Logs. To export Veeam Service Provider Console Management Agent logs for one or more client agents, please: 1. Log into the Veeam Service Provider Console...
Apache Syncope Remote Code Execution Vulnerability (CNVD-2018-18784)
Apache Syncope is an open source digital identity management system from the Apache Software Foundation, intended for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope uses XSLT to export report data to various formats...
UBUNTU-CVE-2018-15474
DISPUTED CSV Injection aka Excel Macro Injection or Formula Injection in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has...
PT-2018-13040 · Dokuwiki · Dokuwiki
Name of the Vulnerable Software and Affected Versions: DokuWiki versions 2018-04-22a and earlier Description: The issue allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export in the /lib/plugins/usermanager/admin.php file...
CA PPM Cross-Site Scripting Vulnerability
CA PPM is a suite of project and portfolio management software from CA Technologies. The software includes features such as task management, project planning, financial reporting management and resource management. A cross-site scripting vulnerability exists in the gridExcelExport feature in CA PPM, which...
CVE-2018-13825
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks...
CVE-2018-15571
The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection...