1762 matches found
UBUNTU-CVE-2015-2152
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support,...
Mandriva Linux Security Advisory : ntp (MDVSA-2015:046)
Updated ntp packages fix security vulnerabilities : Stephen Roettger of the Google Security Team, Sebastian Krahmer of the SUSE Security Team and Harlan Stenn of Network Time Foundation discovered that the length value in extension fields is not properly validated in several code paths in...
MvMmall v5.5 SQL injection of php exp exploit-vulnerability warning-the black bar safety net
Vulnerability type: MvMmall v5.5.1 SQL injection vulnerability Default background: admincp.php?module=index Google search: "Powered by MvMmall v5.5.1" One, use: php exp use 1 Install the php environment Use phpnow very simple to install. 2 Use exp attack Link: Extract password: aahj The exp...
Symantec-Endpoint-Protection-Manager
Symantec has an http request handler called ConfigServerHandler that is programmatically restricted to only handle requests that come from localhost. I guess when they wrote this they just assumed that there was never going to be a way to send untrusted input to it since it was always going to be...
Debian DSA-3108-1 : ntp - security update
Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. - CVE-2014-9293 ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd or to exploit other vulnerabilities. -...
DEBIAN-CVE-2014-9038
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource...
FlatNuke 3.1.x Cross Site Scripting
------------------------------------------------------------------------- + FlatNuke alertdocument.cookie&body=This is my comment ------------------------------------------------------------------------------------------------...
FlatNuke 3.1.4 (FlatPoll) Persistent XSS Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------- + FlatNuke alertdocument.cookie&body=This is my comment ------------------------------------------------------------------------------------------------ 0day.today...
iFunBox Free v1.1 iOS - File Include Vulnerability
Document Title: =============== iFunBox Free v1.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1344 Release Date: ============= 2014-10-20 Vulnerability Laboratory ID VL-ID: ==================================== 1344...
jom3aco SQL Injection
jom3aco new SQL Injection Vulnerability ======================================= Author : indoushka Vendor : http://www.jom3a.com Dork : show.php?do=viewsubject&id=&ids= ========================== SQL Injection : http://localhost/www/show.php?do=viewsubject&id=&ids=14 inject here Fckeditor Upload :...
trousers: DoS vulnerability in tcsd
A flaw was found in the way tcsd, the daemon that manages Trusted Computing resources, processed incoming TCP packets. A remote attacker could send a specially crafted TCP packet that, when processed by tcsd, could cause the daemon to crash. Note that by default tcsd accepts requests on localhost...
NDBLOG 0.1 Cross Site Scripting / SQL Injection
NDBLOG version 0.1 multi Vulnerability ====================================== Author : indoushka Vendor : ALAMARAB2.com Dork : جميع الحقوق محفوظة © - ALAMARAB2.com - NDBLOG v0.1 ================================================== Sql injection : http://localhost/ND/blog.php?id=85 inject here Blind...
WordPress yakimabait Theme Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Poc : http://localhost/wp-content/themes/yakimabait/download.php?file=./wp-config.php Demo : http://www.yakimabait.com/wp-content/themes/yakimabait/download.php?file=./wp-config.php --------------------------------------- Greetz to : All...
WordPress Antioch Arbitrary File Download
|||||||||||||||||||||||||||||||||||||||||||||||||| |-------------------------------------------------------------------------| | Exploit Title: Wordpress Antioch Theme Arbitrary File Download Vulnerability | | Google Dork: inurl:wp-content/themes/antioch | | Date : Date: 2014-09-07 | | Exploit...
(0Day) (Pwn2Own\Pwn4Fun) Microsoft Internet Explorer localhost Protected Mode Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Do not scan localhost on the Tenable Appliance or Tenable.io
Binary data dontscanlocalhost.nbin...
Clipbucket 2.4 RC2 645 SQL Injection Vulnerability
No description provided by source. Software: Clipbucket 2.4 RC2 645 Vulnerability: SQL Injection Threat Level: Critical 4/5 Download: http://www.clip-bucket.com/ Discovery...
linux/x86 bindport 8000 & add user with root access 225+ bytes
No description provided by source. ; ; Title : Bindport TCP/8000 & execve add user with access root ; os : Linux x86 ; size : 225+ bytes ; IP : localhost ; Port : 8000 ; Use : nc localhost 8000 ; ; Author : Jonathan Salwan ; Mail : submit AT shell-storm.org ; Web : http://www.shell-storm.org ; ; ...
sNews 1.7 - (index.php?category) SQL Injection Vulnerability
No description provided by source. sNews v1.7 index.php?category SQL Injection Vulnerability Author : CoBRa21 Author Web Page : http://www.ipbul.org Dork: Powered by sNews Sql Injection: http://localhost/path/index.php?category=-3 union select 0,version,2,3,4,5,6,7,8 Thanks http://e-banka.org &...
Joomla Component Fabrik com_fabrik Local File Inclusion Vulnerability
No description provided by source. ============================================================================================================ o Joomla Component Fabrik Local File Inclusion Vulnerability Software : comfabrik version 2.0 Vendor : http://fabrikar.com/ Author : AntiSecurity NoGe...