UBUNTU-CVE-2014-5282

Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'...

Exploit for Uncontrolled Resource Consumption in Wordpress

CVE-2018-6389 Wordpress Exploit CVE-2018-6389 Exploit Can Dow...

Exploit for Uncontrolled Resource Consumption in Wordpress

CVE-2018-6389 Wordpress Exploit CVE-2018-6389 Exploit Can Dow...

WordPress Core Load Script Denial of Service (CVE-2018-6389)

A Denial of Service vulnerability exists within WordPress Core Load Script. This vulnerability is due to the way WordPress handles large array loads. Successful exploitation could lead to a denial of service...

Unpatched DoS Flaw Could Help Anyone Take Down WordPress Websites

A simple yet serious application-level denial of service DoS vulnerability has been discovered in WordPress CMS platform that could allow anyone to take down most WordPress websites even with a single machine—without hitting with a massive amount of bandwidth, as required in network-level DDoS...

WordPress Core load-scripts.php Denial Of Service

import requests import sys import threading import random import re import argparse host='' headersuseragents= requestcounter=0 printedMsgs = def printMsgmsg: if msg not in printedMsgs: print "\n"+msg + " after %i requests" % requestcounter printedMsgs.appendmsg def useragentlist: global...

VMSA-2018-0007:VMware Virtual Appliance updates address side-channel analysis due to speculative execution

VMSA-2018-0007.6 VMware Virtual Appliance updates address side-channel analysis due to speculative execution VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2018-0007.6 VMware Security Advisory Severity: Important VMware Security Advisory Synopsis: VMware Virtual Appliance...

WordPress Core - load-scripts.php Denial of Service

WordPress Core - load-scripts.php Denial of Service EDB Note: python doser.py -g...

WordPress Core - 'load-scripts.php' Denial of Service

EDB Note: python doser.py -g...

Software Defined Radio Attack Tool: RFCrack

RFCrack is my personal RF test bench, it was developed for testing RF communications between any physical device that communicates over sub Ghz frequencies. IoT devices, Cars, Alarm Systems etc… Testing was done with the Yardstick One on OSX, but RFCrack should work fine in linux. Current support...

Huawei TripAdvisor Catwalk App Loads Arbitrary URL Vulnerability

TripAdvisor offers a wealth of travel planning and booking features, as well as powerful offline downloads and local services, making it a "must-have" tool for your outbound travel. A load arbitrary URL vulnerability exists in the Huawei TripAdvisor Catwalk application due to insufficient paramet...

CVE-2018-6395

SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action...

CVE-2018-6398

SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action...

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid executables...

GoAhead Web Server 2.5 < 3.6.5 - HTTPd LD_PRELOAD Arbitrary Module Load Exploit

This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Apache NiFi Sensitive Information Disclosure Vulnerability

Apache NiFi is a data streaming based data processing and distribution system. A security vulnerability in Apache NiFi's handling of HTTP requests allows remote attackers to exploit the vulnerability by submitting a special request to load NiFi to load resources from an external server...

GoAhead Web Server LD_PRELOAD Arbitrary Module Load

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LDPRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...

The vulnerability of the post_load function in the QEMU hardware-emulation driver’s hw/input/ps2.c file allows a hacker to perform out-of-buffer reading operations in dynamic memory.

The vulnerability of the postload function in the QEMU hardware-emulation emulator’s hw/input/ps2.c file is related to incorrect validation of input data. Exploiting this vulnerability allows a remote attacker to perform out-of-buffer read operations on dynamic memory...

GoAhead Web Server 2.5 &lt; 3.6.5 - HTTPd &#039;LD_PRELOAD&#039; Arbitrary Module Load (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LDPRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...

[SECURITY] Fedora 27 Update: bind-dyndb-ldap-11.1-8.fc27

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...