5117 matches found

0day.today
added 2014/08/01 12:0 a.m. (26 views)

Oxwall 1.7.0 - Remote Code Execution Exploit

Oxwall suffers from an authenticated arbitrary PHP code execution. The vulnerability is caused due to the improper verification of uploaded files in '/admin/settings/user' script thru the 'avatar' and 'bigAvatar' POST parameters. This can be exploited to execute arbitrary PHP code by uploading a...

7.7 AI score
Exploits 0

RedHat Linux
added 2014/07/23 4:15 p.m. (6 views)

qemu: virtio: insufficient validation of num_sg when mapping

The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read...

8.8 CVSS | 7 AI score | 0.00957 EPSS
Exploits 0 | References 4

myhack58
added 2014/07/14 12:0 a.m. (14 views)

Upload the file of trap II pure alphanumeric. swf is a vulnerability?- Vulnerability warning-the black bar safety net

0x00 background In a previous uploaded file trap , the author mentioned for flash cross-domain data hijacking,sometimes does not need us to upload a file. Because we can simply use the JSONP interface,the flash content is assigned to the callback to be used. Just like in the comments@Sogili...

7.2 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. (22 views)

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 IIS IDC Path Mapping Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/299/info The full physical path name for the IIS web server root directory may be obtained by attempting to view a non-existent .IDC file. The web server will return an error message that lists the absolute pathname of th...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. (19 views)

eXtremail <= 2.1.1 PLAIN authentication Remote Stack Overflow Exploit

No description provided by source. / extremail-v6.c Copyright c 2006 by [email protected] eXtremail =2.1.1 remote root exploit x86-lnx by mu-b - Wed Oct 18 2006 - Tested on: eXtremail 2.1.1 lnx eXtremail 2.1.0 lnx Stack overflow in ifParseAuthPlain - Private Source Code -DO NOT DISTRIBUTE -...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. (20 views)

IBM GINA for NT 1.0 Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/608/info IBM has written a replacement GINA for Windows NT to allow NT hosts to authenticate against OS/2 domains. On machines running the modified GINA, the creation of a specific Registry key under...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. (27 views)

Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26939/info Apache is prone to an information-disclosure vulnerability. This issue occurs because Apache fails to properly associate file extensions with the correct engines when handling specially crafted requests for fil...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. (16 views)

OracleAS TopLink Mapping Workbench Weak Encryption Algorithm Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9515/info OracleAS TopLink Mapping Workbench is a tool included with OracleAS TopLink, a Java-based database integration development framework that is included as a component of various Oracle Application Server releases...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. (8 views)

Play! Framework <= 1.0.3.1 Directory Transversal Vulnerability

No description provided by source. Exploit Title: Play! Framework = 1.0.3.1 Directory Transversal Vulnerability Date: July 24, 2010 Author: kripthor Software Link: http://www.playframework.org/ Version: Play! Framework = 1.0.3.1 Tested on: Ubuntu 10 CVE : N/A Notes: 28/07/2010 at 14:03 - Develope...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. (10 views)

FrontPage 97/98 Server Image Mapper Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/1117/info The htimage.exe and imagemap.exe files included with FrontPage handle server-side image mapping functions. Under normal operations, it would be passed a map name and a set of coordinates in the format http:...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. (23 views)

DMS POP3 Server 1.5.3 build 37 - Buffer Overflow Exploit

No description provided by source. ===== Start DMSPOP3Overflow.pl ===== Usage: DMSPOP3Overflow.pl ip port DMSPOP3Overflow.pl 127.0.0.1 110 DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 Download: http://www.digitalmapping.sk.ca/pop3srv/default.asp Patch:...

7.1 AI score
Exploits 0

Exploit DB
added 2014/06/21 12:0 a.m. (321 views)

Linux Kernel 3.13 - SGID Privilege Escalation

/ CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC Vitaly Nikolenko http://hashcrack.org Usage: ./poc filepath where filepath is the file on which you want to set the sgid bit / define GNUSOURCE include include include include include include include include include define STACKSIZE 1024...

6.2 CVSS | 7.9 AI score | 0.03303 EPSS
Exploits 4

Tenable Nessus
added 2014/06/13 12:0 a.m. (31 views)

openSUSE Security Update : XEN (openSUSE-SU-2012:1572-1)

This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc787163 - CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk XSA 25 CVE-2012-4544-xsa25.patch - bnc779212 - CVE-2012-4411: XEN / qemu: guest...

7.2 CVSS | 7.6 AI score | 0.01896 EPSS
Exploits 1 | References 34

Tenable Nessus
added 2014/06/13 12:0 a.m. (35 views)

openSUSE Security Update : seamonkey (seamonkey-4074)

Mozilla SeaMonkey was updated to version 2.0.12, fixing various security issues. Following security issues were fixed: MFSA 2011-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed...

10 CVSS | 9.2 AI score | 0.072 EPSS
Exploits 3 | References 12

Kitploit
added 2014/04/20 4:24 p.m. (25 views)

KisMAC - Free Sniffer/Scanner application for Mac OS X

KisMAC is an open-source and free sniffer/scanner application for Mac OS X. It has an advantage over MacStumbler / iStumbler / NetStumbler in that it uses monitor mode and passive scanning. KisMAC supports many third party USB devices: Intersil Prism2, Ralink rt2570, rt73, and Realtek rtl8187...

7 AI score
Exploits 0

UbuntuCve
added 2014/04/09 10:57 a.m. (31 views)

CVE-2014-1718

Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

7.5 CVSS | 7.3 AI score | 0.01571 EPSS
Exploits 1 | References 7

Prion
added 2014/04/09 10:57 a.m. (18 views)

Integer overflow

Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

7.5 CVSS | 7.8 AI score | 0.01571 EPSS
Exploits 1 | References 9 | Affected Software 1

Debian CVE
added 2014/04/09 10:0 a.m. (22 views)

CVE-2014-1718

Removed by vendor...

7.5 CVSS | 9.4 AI score | 0.01571 EPSS
Exploits 1

Tenable Nessus
added 2014/03/20 12:0 a.m. (70 views)

NAT-PMP Detection (remote network)

The remote device has the NAT-PMP protocol enabled. This protocol may allow any application on an internal subnet to request port mappings from the outside to the inside. If this service is reachable from the outside your network, it may allow a remote attacker to gain more information about your...

5.7 AI score
Exploits 0

myhack58
added 2014/03/18 12:0 a.m. (54 views)

STRUTS2 framework getClassLoader exploit-vulnerability warning-the black bar safety net

by emptiness prodigal heart http://www.inbreak.net Twitter: http://t.qq.com/javasecurity Summary: 2 0 1 2 year, I in the attack JAVA WEB action, the text of Titus on“the classLoader that caused the particular environment under DOS vulnerability”at the time and no more in-depth explanation, these...

8.2 AI score
Exploits 0