UEFI firmware image viewer and editor: UEFITool
It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool's structure mode with some additional features, but the program’s engine was prove...
WordPress W3 Total Cache Security Credentials Hash Extract
A hash extract vulnerability has been reported in WordPress W3 Total Cache Plugin. Successful exploitation of this vulnerability would allow a remote attacker to obtain username and password hashes from affected WordPress servers...
UBUNTU-CVE-2015-6833
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call...
SquirrelMail 1.4.5-RC1 - Arbitrary Variable Overwrite
SquirrelMail Arbitrary Variable Overwrite Vendor: The SquirrelMail Project Team Product: SquirrelMail Version: = 1.4.5-RC1 Website: http://www.squirrelmail.org/ BID: 14254 CVE: CVE-2005-2095 SECUNIA: 16058 PACKETSTORM: 38709 Description:...
WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities
Exploit Title: WordPress: wordpress huge-it-slider 2.7.5 & Persistent JS-HTML Code injection, Arbitrary slider deletion Date: 2015-06-23 Google Dork: intitle:"index of" intext:"/wp-content/plugins/slider-image/" Exploit Author:...
1 Click Extract Audio v2.3.6 - Activex Buffer Overflow
Document Title: =============== 1 Click Extract Audio v2.3.6 - Activex Buffer Overflow References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1506 Video: http://www.vulnerability-lab.com/getcontent.php?id=1507 Release Date: ============= 2015-06-05 Vulnerabilit...
1 Click Extract Audio 2.3.6 Buffer Overflow
1 Click Extract Audio Activex Buffer Overflow Affected version=2.3.6 Vendor Homepage:http://www.dvdvideotool.com/index.htm Software Link:www.dvdvideotool.com/1ClickExtractAudio.exe The vulnerability lies in the COM component used by the product SkinCrafter.dll SkinCrafter.dll version.1.9.2.0...
Cisco TelePresence Server Detection
The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifie...
CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value...
[SECURITY] Fedora 21 Update: cabextract-1.5-1.fc21
cabextract is a program which can extract files from cabinet .cab archives...
CVE-2014-6581
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load...
CVE-2014-6581
CVE-2014-6581 affects Oracle E-Business Suite through the Oracle Customer Intelligence component, across versions 11.5.10.2 and 12.0.4–12.2.4. The vulnerability is described as unspecified with unknown vectors related to Extract/Load Programs, allowing remote attackers to impact confidentiality a...
DEBIAN-CVE-2015-0552
Directory traversal vulnerability in the gcabfolderextract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."...
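TinyRise latest version: front-end arbitrary file inclusion vulnerability
Brief description: Arbitrary file inclusion vulnerability in the latest TinyRise version (20140926); under certain conditions a shell can be obtained (getshell). Details: The vulnerability is in the renderExecute function in framework/web/controller/Controllerclass.php. The renderExecute function contains an extract variable overwrite; the key code is as follows: public function renderExecute$runfile0123456789,$data0123456789 ...//irrelevant code omitted if$datas0123456789!==null extract$datas0123456789;...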
Netgear DGN2200 Password Disclosure
Exploit Title: Password Disclosure vulnerability Software: NETGEAR DGN2200 Software Link: netgear.com Version: DGN2200 Author: Dolev Farhi, email: dolevatopenflaredotorg Date: 23.7.2014 Tested on: Kali Linux Firmware 1.0.0.291.7.29HotS 2. Vulnerability Description: ===============================...
exV2 <= 2.0.4.3 - extract() Remote Command Execution Exploit
No description provided by source...
PHP-Update <= 2.7 extract() Auth Bypass / Shell Inject Exploit
No description provided by source. ?php printr' --------------------------------------------------------------------------- PHPUpdate = 2.7 extract auth bypass / shell inject by rgod dork: Powered by PHP-Update -site:www.php-update.co.uk mail: retrog at alice dot it site:...
web_spider
This plugin is a classic web spider: it requests a URL and extracts all links and forms from the response. Three configurable parameters exist: onlyforward, ignoreRegex, followRegex. ignoreRegex and followRegex are commonly used to configure the web spider to spider all URLs except the "logout" or...