3631 matches found
Abyss Web Server Memory Heap Corruption
Credits: John Page aka HyP3rlinX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt. ISR: ApparitionSec. Vendor: aprelium.com. Product: Abyss Web Server v2.11.6. Vulnerability Type:...
Abyss Web Server < 2.11.6 - Heap Memory Corruption
Credits: John Page aka HyP3rlinX. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/ABYSS-WEB-SERVER-MEMORY-HEAP-CORRUPTION.txt. ISR: ApparitionSec. Vendor: aprelium.com. Product: Abyss Web Server v2.11.6. Vulnerability Type:...
Potential Command Injection in codem-transcode
When the ffprobe functionality is enabled on the server, HTTP POST requests can be made to /probe. These requests are passed to the ffprobe binary on the server. Through this HTTP endpoint it is possible to send a malformed source file name to ffprobe that results in arbitrary command execution...
GHSA-RPH7-J9QR-H8Q8 Potential Command Injection in codem-transcode
When the ffprobe functionality is enabled on the server, HTTP POST requests can be made to /probe. These requests are passed to the ffprobe binary on the server. Through this HTTP endpoint it is possible to send a malformed source file name to ffprobe that results in arbitrary command execution...
[SECURITY] Fedora 27 Update: curl-7.55.1-6.fc27
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2017-16249
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying, after about 300 seconds, with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web...
Design/Logic Flaw
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying, after about 300 seconds, with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web...
CVE-2017-16249
CVE-2017-16249 affects Brother’s Debut embedded HTTP server in printers. A single malformed HTTP POST can cause the server to hang for about 300 seconds, yielding an HTTP 500 and blocking printing and the web interface; affected versions are
CVE-2017-2891
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request...
Debut Embedded HTTPd 1.20 - Denial of Service
Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers Date: 11/02/2017 Exploit Author: z00n @0xz00n Vendor Homepage: http://www.brother-usa.com Version: = 1.20 CVE : CVE-2017-16249 Description: The Debut embedded http server contains a remotely exploitable...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" prese...
CVE-2017-7335
A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" prese...
WordPress Polls 1.2.4 SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: WordPress Polls plugin 1.2.4 SQL Injection vulnerability. Author: Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046. Date: 22/10/2017. Vulnerable version: 1.2.4. Download Link :...
WordPress Polls 1.2.4 SQL Injection
Exploit Title: WordPress Polls plugin 1.2.4 SQL Injection vulnerability. Author: Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046. Date: 22/10/2017. Vulnerable version: 1.2.4. Download Link: https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip. Love to: zero cool, Team...
WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)
Exploit Title: WordPress Polls plugin 1.2.4 SQL Injection vulnerability. Vulnerable version: Download Link: https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip. Overview: WordPress Polls plugin is a tool for creating polls and survey...