Gitmails - An Information Gathering Tool To Colect Git Commit Emails In Version Control Host Services

An information gathering tool to colect git commit emails in version control host services. Overview Gitmails explores that git commits contains a name and an email configured by the author and that version control host services are being used to store a lot of projects. What Gitmails does is:...

File Upload Vulnerability in DedeCMS v5.7 SP2

Dream Content Management System DedeCMS is a PHP open source website management system. A file upload vulnerability exists in the uploads/include/uploadsafe.inc.php file in DedeCMS V5.7 SP2, which can be exploited by an attacker to upload script files and obtain a webshell...

CVE-2018-9145

In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the...

Khan Academy: https://mathfacts.khanacademy.org/ includes code from unprivileged localhost port

The webpage https://mathfacts.khanacademy.org/ contains an invalid javascript include at the bottom of the page: This is probably some unintended leftover from the development. In normal situations this will only cause the browser to be unable to connect. But it can actually become a security ris...

PT-2018-18894 · Axis +1 · Axis M1033-W +1

Name of the Vulnerable Software and Affected Versions: AXIS M1033-W IP camera Firmware version 5.40.5.1 Description: An issue was discovered where the upload web page does not verify the file type, allowing an attacker to upload a webshell by making a fileUpload.shtml request for a custom .shtml...

Intelbras Telefone IP TIP200 LITE Local File Disclosure

Exploit Title: INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include Google Dork: Date: 16/03/2018 Exploit Author: Matheus Goncalves - anhax0r Vendor Homepage: https://www.facebook.com/anhaxteam/ Software Link: Version: 60.0.75.29 REQUIRED Tested on: Debian CVE : if applicable Remember that yo...

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

CVE-2018-8712

Webmin 1.840/1.880 expose a Local File Inclusion flaw due to weak default config: enabling "Can view any file as a log file" lets non-privileged users read sensitive local files (e.g., /etc/shadow) via GET /syslog/save_log.cgi?view=1&file=/etc/shadow. Root cause: default settings grant access to ...

Solaris 10 (x86) : 139501-02

SunOS 5.10x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVE-2018-6910

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/incarchivesfunctions.php...

Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-02843)

Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'op' parameter to the include\spacecp\spacecpupload.php file to inject arbitrary web script or HTML...

CVE-2018-5376

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...

Design/Logic Flaw

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpspace.php appid parameter in a delete action...

UBUNTU-CVE-2017-17712

The rawsendmsg function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet-hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges...

WordPress WP Mobile Detector 3.5 Shell Upload Exploit

WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote file include for files not cached by the system already. By uploading a...

SQL Injection Vulnerability in taoCMS Documentation Frontend

TaoCMS is the smallest around 100Kb fully functional CMS management system in China based on php+sqlite/mysql. taoCMS has a SQL injection vulnerability in the include/Model/Index.php file, which allows attackers to exploit the vulnerability to obtain sensitive database information...

UBUNTU-CVE-2017-15194

include/globalsession.php in Cacti 1.1.25 has XSS related to 1 the URI or 2 the refresh page...