6654 matches found

Microsoft CVE
added 2017/07/11 7:0 a.m. | 21 views

WordPad Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft WordPad parses specially crafted files. Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft WordPad. In an email attack scenario, an attacker could exploi...

7.6 CVSS | 4.7 AI score | 0.33274 EPSS
Exploits: 0

Openbugbounty
added 2017/07/07 11:0 a.m. | 11 views

sbap.be XSS vulnerability

Vulnerable URL: http://www.sbap.be/search/Search.asp?WRITER=1"...

6.9 AI score
Exploits: 0

0day.today
added 2017/07/05 12:0 a.m. | 159 views

GoAutoDial 3.3 Authentication Bypass / Command Injection Exploit

This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database...

10 CVSS | 7.9 AI score | 0.87464 EPSS
Exploits: 9

Malwarebytes
added 2017/06/30 4:53 p.m. | 99 views

EternalPetya – yet another stolen piece in the package?

Since June 27th we have been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one, various contradicting theories started popping up. Some believed that this malware is a rip-off of the original Petya, while others think that it is...

7 AI score
Exploits: 0

Tenable Nessus
added 2017/06/30 12:0 a.m. | 80 views

Symantec Messaging Gateway 10.x < 10.6.3-266 Multiple Vulnerabilities (SYM17-004)

According to its self-reported version number, the Symantec Messaging Gateway (SMG) running on the remote host is 10.x prior to 10.6.3-266. It is, therefore, affected by multiple vulnerabilities:
- A security feature bypass vulnerability exists when handling email attachments involving malformed o...

10 CVSS | 8.2 AI score | 0.79143 EPSS
Exploits: 5 | References: 4

Openbugbounty
added 2017/06/29 12:38 p.m. | 10 views

wissenswertes.at XSS vulnerability

Vulnerable URL: https://www.wissenswertes.at/index.php?id=suche

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 323268
VIP website status:| No
Check wissenswertes.at SSL connection:| Grade: F
Coordinated Disclosu...

6.3 AI score
Exploits: 0

Packet Storm
added 2017/06/29 12:0 a.m. | 83 views

Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution

Advisory Information
Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities
Advisory ID: CORE-2017-0003
Advisory URL: http://www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities
Date published: 2017-06-28
Date of last update: 2017-06-28
Vendors...

0.2 AI score | 0.2717 EPSS
Exploits: 8

NVD
added 2017/06/26 9:29 p.m. | 16 views

CVE-2017-6324

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality residen...

7.5 CVSS | 7.2 AI score | 0.00453 EPSS
Exploits: 0 | References: 3

Prion
added 2017/06/26 9:29 p.m. | 16 views

Authentication flaw

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality residen...

7.5 CVSS | 7.1 AI score | 0.00453 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2017/06/26 9:0 p.m. | 51 views

CVE-2017-6324

Summary of CVE-2017-6324 (Symantec Messaging Gateway): A security feature bypass vulnerability exists in SMG when handling a specific Word attachment with macros, allowing bypass of the administrator-enabled disarm functionality. This is documented by multiple sources (NVD entry and vendor/Nessu...

7.5 CVSS | 8.3 AI score | 0.00453 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2017/06/26 9:0 p.m. | 20 views

CVE-2017-6324

The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality residen...

8.4 AI score | 0.00453 EPSS
Exploits: 0 | References: 3

Openbugbounty
added 2017/06/22 6:12 p.m. | 14 views

bomont.nl XSS vulnerability

Vulnerable URL: https://www.bomont.nl/zoek/?q=a'aa"onfocus=prompt/OPENBUGBOUNTY/+autofocus=x+bad=--...

6.9 AI score
Exploits: 0

Openbugbounty
added 2017/06/21 12:22 p.m. | 13 views

gira.com XSS vulnerability

Vulnerable URL: http://www.gira.com/nlBE/suche.html/"'--!confirm/OPENBUGBOUNTY/...

6.9 AI score
Exploits: 0

Prion
added 2017/06/20 5:29 p.m. | 18 views

Design/Logic Flaw

Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution...

10 CVSS | 9.6 AI score | 0.01287 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Citrix
added 2017/06/19 12:0 a.m. | 5 views

Clicking Outlook 2016 search field prompts for install and hangs

Every time the search field in Outlook 2016 is clicked on in an elastically layered image, a prompt for credentials is displayed and an installer launches & hangs. This completely disables the search functionality of Outlook. This error can also occur on Outlook 2013...

7.2 AI score
Exploits: 0

OpenVAS
added 2017/06/19 12:0 a.m. | 32 views

Atlassian Confluence CVE-2017-9505 Security Bypass Vulnerability

Atlassian Confluence is prone to a security bypass vulnerability.

4.3 CVSS | 4.6 AI score | 0.00387 EPSS
Exploits: 1 | References: 1

Prion
added 2017/06/15 6:29 p.m. | 9 views

Cross site scripting

Stored cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality...

3.5 CVSS | 5.5 AI score | 0.00336 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2017/06/15 2:29 a.m. | 18 views

Remote Code Execution (RCE)

Tablib is vulnerable to remote code execution (RCE). The Databook functionality within Tablib deserializes untrusted data from YAML files when importing books, allowing attackers to execute Python commands...

9.8 CVSS | 9.7 AI score | 0.01427 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Openbugbounty
added 2017/06/14 4:17 p.m. | 11 views

gliffy.com XSS vulnerability

Vulnerable URL: https://www.gliffy.com/support/result.php?search=...

6.9 AI score
Exploits: 0

Tenable Nessus
added 2017/06/14 12:0 a.m. | 1192 views

Microsoft Security Advisory 4025685: Guidance for older platforms (XP / 2003) (EXPLODINGCAN)

The remote Windows host is missing a security update. It is, therefore, affected by one or more of the following vulnerabilities:
- A remote code execution vulnerability exists in how the Remote Desktop Protocol (RDP) handles requests if the RDP server has Smart Card authentication enabled. An...

10 CVSS | 8.2 AI score | 0.94411 EPSS
Exploits: 49 | References: 9