2620 matches found
CVE-2017-8360
Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data keystrokes to any process. In mictray64.exe mic tray icon 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: deb...
Wonder CMS PHP Remote File Inclusion
Wonder CMS is an open source content management system CMS. A PHP remote file inclusion vulnerability exists in the editInplace.php file in Wonder CMS version 2014. A remote attacker can execute arbitrary PHP code with the help of the hook parameter in the URL...
CVE-2014-8705
The CVE-2014-8705 issue concerns Wonder CMS 2014, where editInplace.php is vulnerable to a PHP Remote File Inclusion. An attacker can trigger arbitrary PHP code execution by supplying a crafted URL in the hook parameter. Connected sources (CNVD-2017-03526) confirm the vulnerability exists in Wond...
AXIS Communications - Cross-Site Scripting / Content Injection
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...
CVE-2016-8012
Access control vulnerability in Intel Security Data Loss Prevention Endpoint DLPe 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get...
Improper access control
Access control vulnerability in Intel Security Data Loss Prevention Endpoint DLPe 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get...
CVE-2016-8012
CVE-2016-8012 affects Intel Security Data Loss Prevention Endpoint (DLPe) versions 9.4.200 and 9.3.600. The issue is an access-control vulnerability allowing authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes by manipulating pages in the target proces...
CVE-2016-8012
Access control vulnerability in Intel Security Data Loss Prevention Endpoint DLPe 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get...
PT-2016-3171 · Apache +5 · Apache Http Server +5
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server mod ssl versions 2.2.x through 2.2.32 Apache HTTP Server mod ssl versions 2.4.x through 2.4.25 Description: The issue is related to a NULL pointer dereference error in the mod ssl module of the Apache HTTP Server. This erro...
GATTacker - BLE (Bluetooth Low Energy) Man-in-the-Middle
A Node.js package for BLE Bluetooth Low Energy security assessment using Man-in-the-Middle and other attacks. Prerequisites see: https://github.com/sandeepmistry/noble https://github.com/sandeepmistry/bleno Install npm install gattacker Usage Configure Running both components Set up variables in...
Subversion 1.6.6 / 1.6.12 - Code Execution
Exploit for linux platform in category remote exploits This is an exploit for the subversion vulnerability published as CVE-2013-2088. Author: GlacierZ0ne email protected Exploit Type: Code Execution Access Type: Authenticated Remote Exploit Prerequisites: svn command line client available,...
Subversion 1.6.6/1.6.12 - Code Execution
This is an exploit for the subversion vulnerability published as CVE-2013-2088. Author: GlacierZ0ne [email protected] Exploit Type: Code Execution Access Type: Authenticated Remote Exploit Prerequisites: svn command line client available, subversion server exposes webdav through apache,...
WiFi-Pumpkin v0.8.1 - Framework for Rogue Wi-Fi Access Point Attack
Framework for Rogue Wi-Fi Access Point Attack Description WiFi-Pumpkin is a open source security tool that provides the Rogue access point to Man-In-The-Middle and network attacks. Installation Kali 2.0/WifiSlax 4.11.1/Parrot 3.0.1/2.0.5 Python 2.7 git clone...
UBUNTU-CVE-2016-6187
The apparmorsetprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook...
Fedora 24 : drupal7-views (2016-fff25f75b4)
Fixes Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036 Changes since 7.x-3.13 : - Adding field handlers for statistics fields - \2200309 by helmo: Changed invalid placeholder from 'handler' to 'extender'. - \2708535 by stefan.r: Allow users to sort on a specific language, showing it...
Fedora 23 : drupal7-views (2016-ed5f606dde)
Fixes Views - Less Critical - Access Bypass - SA-CONTRIB-2016-036 Changes since 7.x-3.13 : - Adding field handlers for statistics fields - \2200309 by helmo: Changed invalid placeholder from 'handler' to 'extender'. - \2708535 by stefan.r: Allow users to sort on a specific language, showing it...
WiFi-Pumpkin v0.7.5 - Framework for Rogue Wi-Fi Access Point Attack
WiFi-Pumpkin is a security tool that provides the Rogue access point to Man-In-The-Middle and network attacks. Installation Kali 2.0/WifiSlax 4.11.1/Parrot 2.0.5 Python 2.7 git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git cd WiFi-Pumpkin chmod +x installer.sh ./installer.sh --install refer t...
Hook A Duck - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Hook A Duck published at the 'play' market has multiple vulnerabilities...
Fishing Hook - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Fishing Hook published at the 'play' market has multiple vulnerabilities...
iOS song of ice and fire fan outside the post - App Hook the Q & A and iOS 9 bash shell-vulnerability warning-the black bar safety net
In the previous Chapter we talked about in a non-jailbreak iOS on the App Hook. Using this technique, you can be in a non-jailbreak iOS on the system to achieve a variety of hook features, e.g., micro-channel auto-grab a red envelope, the automatic chat robot, game plug-in, etc. But because of...