8678 matches found
Windows x86 WinExec"cmd.exe",0 Shellcode
Windows x86 WinExec"cmd.exe",0 Shellcode. Shellcode exploit for win32 platform / Title : Windows x86 WinExec"cmd.exe",0 shellcode Date : 07/06/2016 Author : Roziul Hasan Khan Shifat Tested On : Windows 7 Professional x86 / / To Compile: -------------- $nasm -f win32 winexec.asm -o exec.obj Linkin...
New Angler Exploits Bypass EMET Mitigations
New Microsoft Silverlight and Adobe Flash exploits that bypass Microsoft’s Enhanced Mitigation Experience Toolkit EMET have found their way into an updated version of the Angler Exploit Kit. EMET is a suite of freely available tools for Windows machines that mitigate memory-based attacks. The...
[SECURITY] Fedora 22 Update: phpMyAdmin-4.6.2-1.fc22
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
Canon IR-Adv Password Extractor
This module will extract the passwords from address books on various Canon IR-Adv mfp devices. Tested models: iR-ADV C2030, iR-ADV 4045, iR-ADV C5030, iR-ADV C5235, iR-ADV C5240, iR-ADV 6055, iR-ADV C7065 This module requires Metasploit: https://metasploit.com/download Current source:...
[SECURITY] Fedora 23 Update: phpMyAdmin-4.6.2-1.fc23
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
WordPress Stream Plugin <= 3.0.5 - Unauthenticated Events Export
Because of this vulnerability, unauthenticated users can export CSV or JSON of recent events. Solution Update the plugin...
Stream <= 3.0.5 - Unauthenticated Events Export
The Stream WordPress plugin allows unauthenticated users to export CSV or JSON of recent events. The code only checks to see if the proper GET variables are passed to a valid backend WordPress handler and will happily export logged entries. Reported to maintainers on 5/25/2016 and new version...
Stream <= 3.0.5 - Unauthenticated Events Export
The Stream WordPress plugin allows unauthenticated users to export CSV or JSON of recent events. The code only checks to see if the proper GET variables are passed to a valid backend WordPress handler and will happily export logged entries. Reported to maintainers on 5/25/2016 and new version...
MeshCMS Command Injection Vulnerability
MeshCMS is an online editing system developed by JAVA. The parameter "exportCommand" in the MeshCMS staticexport2.jsp file has command injection. The attacker is able to execute malicious commands...
Internet Bug Bounty: Bleichenbacher oracle in SSLv2 (CVE-2016-0704)
I'm retroactively submitting CVE-2016-0704, a.k.a. "Leaky Export", which is a Bleichenbacher-style bug that leads to another variant of the Special DROWN attack. I'm submitting on behalf of myself and J. Alex Halderman, as we independently found this bug. This was validated by OpenSSL as...
WordPress Export To Ghost Export Download
Exploit Title: WordPress Export to Ghost Unrestricted Export Download Date: 28-04-2016 Software Link: https://wordpress.org/plugins/ghost Exploit Author: Josh Brody Contact: http://twitter.com/joshmn Website: http://josh.mn/ Category: webapps 1. Description Any visitor can download the Ghost Expo...
WordPress Ghost Plugin 0.5.5 - Unrestricted Export Download
Because of this vulnerability, anyone can download the Ghost Export file from the website, because an admin user is not correctly checked. Solution Update the plugin...
WordPress Ghost 0.5.5 Plugin - Unrestricted Export Download
Exploit for php platform in category web applications Exploit Title: WordPress Export to Ghost Unrestricted Export Download Software Link: https://wordpress.org/plugins/ghost Exploit Author: Josh Brody Contact: http://twitter.com/joshmn Website: http://josh.mn/ Category: webapps 1. Description An...
WordPress Plugin Ghost 0.5.5 - Unrestricted Export Download
Exploit Title: WordPress Export to Ghost Unrestricted Export Download Date: 28-04-2016 Software Link: https://wordpress.org/plugins/ghost Exploit Author: Josh Brody Contact: http://twitter.com/joshmn Website: http://josh.mn/ Category: webapps 1. Description Any visitor can download the Ghost Expo...
WordPress Plugin Ghost 0.5.5 - Unrestricted Export Download
WordPress Plugin Ghost 0.5.5 - Unrestricted Export Download Exploit Title: WordPress Export to Ghost Unrestricted Export Download Date: 28-04-2016 Software Link: https://wordpress.org/plugins/ghost Exploit Author: Josh Brody Contact: http://twitter.com/joshmn Website: http://josh.mn/ Category:...
Ghost Plugin <= 0.5.5 - Unrestricted Export Download
The Ghost WordPress plugin was affected by an Unrestricted Export Download security vulnerability...
IPGeoLocation - A tool to retrieve IP Geolocation information
A tool to retrieve IP Geolocation information Powered by ip-api Requirements Python 3.x Features Retrieve IP or Domain Geolocation. Retrieve your own IP Geolocation. Retrieve Geolocation for IPs or Domains loaded from file. Each target in new line. Define your own custom User Agent string. Select...
CVE-2016-1916
Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a...
CVE-2016-1916
Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a...
Cross site scripting
Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a...