3631 matches found

OSV
added 2017/06/27 5:29 p.m. | 47 views

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

CVSS 9.8 | AI score 7.8 | EPSS 0.9421
Exploits: 19 | References: 8
UbuntuCve
added 2017/06/27 5:29 p.m. | 203 views

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

CVSS 9.8 | AI score 7.5 | EPSS 0.9421
Exploits: 19 | References: 6
Cvelist
added 2017/06/27 5:0 p.m. | 32 views

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

AI score 9.8 | EPSS 0.9421
Exploits: 19 | References: 7
ATTACKERKB
added 2017/06/27 12:0 a.m. | 97 views

CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a “?php ” substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...

CVSS 9.8 | AI score 9.3 | EPSS 0.9421
In wild | Exploits: 19 | References: 9
Positive Technologies
added 2017/06/27 12:0 a.m. | 8 views

PT-2017-4155

Name of the Vulnerable Software and Affected Versions:
PHPUnit versions 4.8.19 through 4.8.27
PHPUnit versions 5.x before 5.6.3
Description:
The issue is related to the Util/PHP/eval-stdin.php component in PHPUnit, which allows remote attackers to execute arbitrary PHP code via HTTP POST data...

CVSS 10 | AI score 9.2 | EPSS 0.9421
Exploits: 19 | References: 73
Hacker One
added 2017/06/23 1:2 a.m. | 25 views

Quora: Possibility of DOS Through logging System

The Quora is using HTTP post method to send logs to the Quora Server and save the logs on the server, which is not validating the size of the log data and directly storing a large amount of data on the server. I mean when the logs are sent to the server a bad guy can use the same HTTP POST metho...

AI score 0.1
Exploits: 0
Hacker One
added 2017/06/22 4:6 a.m. | 16 views

Inflection: Open Redirect through POST Request

The HTTP POST request to /oauth/authorize could be tampered with to allow an attacker to maliciously redirect the user to an arbitrary URL after failed authentication. Due to how the OAuth protocol works, the attacker would need to MITM or otherwise tamper with the request from a local network, a...

AI score 1.2
Exploits: 0
0day.today
added 2017/06/11 12:0 a.m. | 15 views

EFS Easy Chat Server 3.1 - Password Reset Exploit

Exploit for windows platform in category web applications
Exploit Title: Easy Chat Server Remote Password Reset
Date: 09/10/2017
Software Link: http://echatserver.com/ecssetup.exe
Exploit Author: Aitezaz Mohsin
Vulnerable Version: v2.0 to v3.1
Vulnerability Type: Pre-Auth Remote Password Reset...

AI score 7.1
Exploits: 0
Exploit DB
added 2017/06/09 12:0 a.m. | 25 views

EFS Easy Chat Server 3.1 - Password Reset

Exploit Title: Easy Chat Server Remote Password Reset
Date: 09/10/2017
Software Link: http://echatserver.com/ecssetup.exe
Exploit Author: Aitezaz Mohsin
Vulnerable Version: v2.0 to v3.1
Vulnerability Type: Pre-Auth Remote Password Reset
Severity: Critical...

AI score 7.4
Exploits: 0
exploitpack
added 2017/06/09 12:0 a.m. | 18 views

EFS Easy Chat Server 3.1 - Password Reset

EFS Easy Chat Server 3.1 - Password Reset
Exploit Title: Easy Chat Server Remote Password Reset
Date: 09/10/2017
Software Link: http://echatserver.com/ecssetup.exe
Exploit Author: Aitezaz Mohsin
Vulnerable Version: v2.0 to v3.1
Vulnerability Type: Pre-Auth Remote Password Reset
Severity: Critical...

AI score 0.2
Exploits: 0
Packet Storm
added 2017/06/09 12:0 a.m. | 18 views

Easy Chat Server 3.1 Remote Password Reset

Exploit Title: Easy Chat Server Remote Password Reset
Date: 09/10/2017
Software Link: http://echatserver.com/ecssetup.exe
Exploit Author: Aitezaz Mohsin
Vulnerable Version: v2.0 to v3.1
Vulnerability Type: Pre-Auth Remote Password Reset
Severity: Critical...

AI score 0.1
Exploits: 0
Prion
added 2017/05/28 12:29 a.m. | 13 views

Design/Logic Flaw

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

CVSS 4.3 | AI score 6.2 | EPSS 0.00234
Exploits: 0 | References: 2 | Affected Software: 1
Talos Blog
added 2017/05/24 9:2 a.m. | 50 views

File2pcap - The Talos Swiss Army Knife of Snort Rule Creation

This post was authored by Martin Zeiser with contributions by Joel Esler. At Talos we are constantly on the lookout for threats to our customers' networks, and part of the protection process is creating Snort rules for the latest vulnerabilities in order to detect any attacks. To improve your...

AI score 6.9
Exploits: 0
Veracode
added 2017/05/04 2:47 a.m. | 7 views

Unauthorized Modification Of Data

github.com/gogits/gogs is vulnerable to unauthorized deletion of user application tokens. A malicious user can modify the HTTP post requests to delete another user's application token...

AI score 6.7
Exploits: 0
NVD
added 2017/05/03 9:59 p.m. | 20 views

CVE-2017-6629

A vulnerability in the ImageID parameter of Cisco Unity Connection 10.52 could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that...

CVSS 5.3 | AI score 5.4 | EPSS 0.01141
Exploits: 0 | References: 3
Cisco
added 2017/05/03 4:0 p.m. | 26 views

Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability

A vulnerability in the ImageID parameter of Cisco Unity Connection could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe...

CVSS 5.3 | AI score 5.3 | EPSS 0.01141
Exploits: 0 | References: 1
Veracode
added 2017/05/02 8:45 a.m. | 7 views

Unauthorized Modification Of Data

github.com/go-gitea/gitea is vulnerable to unauthorized deletion of user emails. A malicious user can modify the HTTP post requests to delete another user's email...

AI score 6.7
Exploits: 0
OSV
added 2017/04/25 8:59 p.m. | 2 views

CVE-2017-8220

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...

CVSS 9.9 | AI score 6.4 | EPSS 0.03779
Exploits: 2 | References: 1
Prion
added 2017/04/25 8:59 p.m. | 12 views

Remote code execution

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...

CVSS 9 | AI score 9.8 | EPSS 0.03779
Exploits: 2 | References: 1 | Affected Software: 2
Prion
added 2017/04/13 7:59 p.m. | 18 views

Null pointer dereference

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/webrunScript iwfilename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server...

CVSS 7.8 | AI score 7.1 | EPSS 0.00447
Exploits: 2 | References: 1 | Affected Software: 1