53 matches found
macOS 10.14.1 Carbon Core Memory corruption Vulnerability
CVE: CVE-2018-4463 Old and funny bug CVE-2018-4463 was patched by Apple in last macOS security update. Since 2015 Apple was exposing the users using Apple’s filesystem for stack overflow and infection by hidedd malware in DMG image. Insufficient patch for old vulnerability is the cause of problem...
Apple macOS 10.12.1 / iOS 10 SecureTransport SSL Handshake MitM / DoS
Apple macOS 10.12.1/iOS 10 SecureTransport SSL handshake OCSP MiTM and DoS Credit: Maksymilian Arciemowicz https://cxsecurity.com/ URL: https://cxsecurity.com/issue/WLB-2016100213 --- 0. Description ---- The latest macOS and iOS have weak OCSP validation process which allow attacker to send OCSP...
phpMyAdmin 4.4.6 Man-In-the-Middle API Github
phpMyAdmin 4.4.6 Man-In-the-Middle to API Github CVE-2015-3903 Author: Maksymilian Arciemowicz from https://cxsecurity.com Issue type: CWE-295 Source URL: http://cxsecurity.com/issue/WLB-2015050095 --- Description --- As we can read CURLOPTSSLVERIFYPEER option...
PHP 5.4 (5.4.3) Code Execution (Win32)
No description provided by source. // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish...
PHP 5.2.11/5.3.0 - Multiple Vulnerabilities
No description provided by source. ?php / PHP 5.2.11/5.3.0 symlink openbasedir bypass by Maksymilian Arciemowicz http://securityreason.com/ cxib a.T securityreason d0t com CHUJWAMWMUZG / $fakedir=cx; $fakedep=16; $num=0; // offset of symlink.$num if!empty$GET'file' $file=$GET'file'; else...
Pligg CMS (story.php?id) 1.0.4 - SQL Injection Vulnerability
No description provided by source. / ! Pligg CMS story.php?id SQL Injection Vulnerability ! Author : Don Tukulesto [email protected] ! Homepage: http://indonesiancoder.com ! Date : Tue, April 27, 2010 ! Tune in : http://antisecradio.fm choose your weapon / Software Information Vendor :...
php 5.3.8 - Multiple Vulnerabilities
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.8 Multiple vulnerabilities Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 14.01.2012 CVE: CVE-2011-4153 zendstrndup Original link: http://cxsecurity.com/research/103 --- 1. Multiple NUL...
HostBill App 2.3 - Remote Code Injection Vulnerability
No description provided by source. =-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah, The Most Beneficent, The Most Merciful-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: suffering from RemotE injection php code Vendor:hostbillapp.com + Software:HostBill + Version : v2.3 + author:Dr.DaShE TEAM: Team...
Joomla com_jnewspaper (cid) SQL Injection Vulnerability
No description provided by source. / ! Joomla comjnewspaper cid SQL Injection Vulnerability ! Author : Don Tukulesto [email protected] ! Homepage : http://indonesiancoder.com ! Date : Tue, April 20, 2010 ! Tune in : http://antisecradio.fm choose your weapon / Software Information Vendor :...
FreeBSD 9.1 ftpd Remote Denial of Service
FreeBSD 9.1 ftpd Remote Denial of Service Maksymilian Arciemowicz http://cxsecurity.org/ http://cxsec.org/ Public Date: 01.02.2013 URL: http://cxsecurity.com/issue/WLB-2013020003 Affected servers: - ftp.uk.freebsd.org, - ftp.ua.freebsd.org, - ftp5.freebsd.org, - ftp5.us.freebsd.org, -...
PHP 5.4.3 'com_print_typeinfo()'远程代码执行漏洞
PHP是一种HTML内嵌式的语言 PHP comprinttypeinfo存在一个安全漏洞,允许攻击者执行任意代码。此漏洞影响windows平台上的php版本,在windows平台上其"COM"函数作为PHP核心的一部分。攻击者需要上传恶意PHP代码到服务器,攻击者可以通过"exec"使用PHP运行SHELL命令 0 PHP 5.4.3 厂商解决方案 目前没有详细解决方案提供: http://www.php.net/ // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in...
PHP version 5.4.3 code execution exploit for Win32
No description provided by source. // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish...
PHP 5.4 Win32 Code Execution
Exploit for php platform in category remote exploits // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polis...
PHP 5.4.3 (Windows x86 Polish) - Code Execution
// Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish =================== offset-brute.html...
HostBill App 2.3 - Remote Code Injection
=-=-=-=-=-=-=-=-=-=-=-=-=-=-In The Name Of Allah, The Most Beneficent, The Most Merciful-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tybe: suffering from RemotE injection php code Vendor:hostbillapp.com + Software:HostBill + Version : v2.3 + author:Dr.DaShE TEAM: Team 403 ? - contact: Dasher403atgmail.c...
PHP 5.3.8 - Multiple Vulnerabilities
PHP 5.3.8 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.8 Multiple vulnerabilities Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 14.01.2012 CVE: CVE-2011-4153 zendstrndup Original link: http://cxsecurity.com/research/103 --- 1. Multiple...
PHP 5.3.8 - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.8 Multiple vulnerabilities Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 14.01.2012 CVE: CVE-2011-4153 zendstrndup Original link: http://cxsecurity.com/research/103 --- 1. Multiple NULL Pointer Dereference with...
Libc - 'regcomp()' Stack Exhaustion Denial of Service
? / PHP 5.4 5.3 memorylimit bypass exploit poc by Maksymilian Arciemowicz http://cxsecurity.com/ cxib a.T cxsecurity d0t com To show memorylimit in PHP php /www/memlimpoc.php 1 35000000 PHP Fatal error: Allowed memory size of 33554432 bytes exhausted tried to allocate 35000001 bytes in...
NetBSD 5.1 libc/net multiple functions stack buffer overflow
No description provided by source. NetBSD 5.1 libc/net multiple functions stack buffer overflow Author: Maksymilian Arciemowicz http://netbsd.org/donations/ Date: - Dis.: 01.04.2011 - Pub.: 01.07.2011 CVE: CVE-2011-1656 CWE: CWE-121 Affected software: - NetBSD 5.1 fixed Affected functions: -...
apr security update
CentOS Errata and Security Advisory CESA-2011:0507 Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS...