2154 matches found
Career Portal 1.0 - SQL Injection
Exploit Title: Career Portal v1.0 - SQL Injection Date: 2017-10-17 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Software Link: https://codecanyon.net/item/career-portal-online-job-search-script/20767278 Version: 1.0 Tested on...
Blisqy - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB)
A slow data siphon for MySQL/MariaDB using bitwise operation on printable ASCII characters, via a blind-SQL injection. Usage USAGE: blisqy.py --server --port --header --hvalue --inject --payload --dig --sleeptime Options: -h, --help show this help message and exit --server=WEBSERVER Specify host...
PowerShdll - Run PowerShell with rundll32 (Bypass software restrictions)
Run PowerShell with dlls only. Does not require access to powershell.exe as it uses powershell automation dlls. dll mode: Usage: rundll32 PowerShdll,main rundll32 PowerShdll,main -f Run the script passed as argument rundll32 PowerShdll,main -w Start an interactive console in a new window rundll32...
syncinteractive.com XSS vulnerability
Vulnerable URL: https://www.syncinteractive.com/portfolio.php?categoryid=1%27%22%3E%3Csvg/onload=confirm/OPENBUGBOUNTY/%3E=77 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Description Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the referenced CVE identifiers for details. Impact A remote attacker coul...
PYSEC-2017-45
Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path...
rVMI: Perform Full System Analysis with Ease
Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...
FFmpeg 'ivr_read_header()' function denial of service vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in the 'ivr_read_header' function in the libavformat/rmdec.c file in FFmpeg version 3.3.3, which stems from the program's failure to adequately detect EOF End ...
Shijiazhuang Times Interactive Technology Co., Ltd. website building system has SQL injection vulnerabilities
Times Interactive website builder is an enterprise website builder. Shijiazhuang Times Interactive Technology Co., Ltd. website builder system has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
Plasma - An Interactive Disassembler for x86/ARM/MIPS
PLASMA is an interactive disassembler. It can generate a more readable assembly pseudo code with colored syntax. You can write scripts with the available Python API (see an example below). The project is still under heavy development. wiki : TODO list and some documentation. It supports : architectures ...
NetScaler SD-WAN QOS and Application Rules
Citrix SD-WAN, formerly NetScaler SD-WAN Table of Contents Introduction QOS Components Transmit Modes Queue Depth IP Rules Application QOS rules with release 9.3 Basic Rules Basic guidance on Rules. Other Settings that affect Applications. Appendix A: Default Rules Breakdown Introduction The...
SQL injection vulnerability in class parameter of Interactive Creation website building system
Interactive Creative Xiamen Digital Technology Co., Ltd. is a brand website construction company in Fujian Province, "Interactive Creative" is one of its independent brands. A SQL injection vulnerability exists in the class parameter of Interactive Creative's website building system. An attacker...
SQL injection vulnerability in news-details.php page of Interactive Creation website builder system
Interactive Creative Xiamen Digital Technology Co., Ltd. is a brand website construction company in Fujian Province, "Interactive Creative" is one of its independent brands. A SQL injection vulnerability exists in the news-details.php page of the Interactive Creative website builder system. An...
CVE-2017-7947
NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line...
Fedora 26 : git (2017-7ea0e02914)
An issue in git-shell could allow remote users to run an interactive pager. From the update announcement : ... fix a recently disclosed problem with 'git shell', which may allow a user who comes over SSH to run an interactive pager by causing it to spawn 'git upload-pack --help' CVE-2017-8386. Th...
Microsoft Windows Kernel CVE-2017-8561 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based...
CVE-2017-0298
A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker ...
██████: Phone Call to XXE via Interactive Voice Response
| Summary | |--| ████ is vulnerable to XXE due to the processing of DTDs | Description | |--| "VoiceXML (VXML) is a digital document standard for specifying interactive media and voice dialogs between humans and computers. It is used for developing audio and voice response applications" When a user...
Hashcat v3.6.0 - World's Fastest and Most Advanced Password Recovery Utility
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable...
Microsoft Windows Kernel 'Win32k.sys' CVE-2017-8465 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to run processes with elevated privileges. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 1607 for x64-based Syste...