15 matches found
List of Security Fixes and Improvements in Veeam Agent for Microsoft Windows
Purpose: This article describes all security-related fixes and improvements introduced in each release or update of Veeam Agent for Microsoft Windows. This article aims to provide our customers' security and compliance teams with detailed information on security improvements between releases to he...
Cisco DCNM JBoss 10.4 - Credential Leakage
Cisco DCNM JBoss 10.4 - Credential Leakage Exploit Title: Cisco DCNM JBoss 10.4 - Credential Leakage Date: 2020-01-06 Exploit Author: Harrison Neal Vendor Homepage: https://www.cisco.com/ Software Link: https://software.cisco.com/download/home/281722751/type/282088134/release/10.42 Version: 10.42...
Tomcat 9.0.0.M1 Sandbox Escape
Exploit Title: Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Date: 2020-01-07 Exploit Author: Harrison Neal, PatchAdvisor Vendor Homepage: https://tomcat.apache.org/ Software Link: https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.36/bin/apache-tomcat-8.0.36.exe Version: 8.0.36...
EBBISLAND EBBSHAVE 6100-09-04-1441 Remote Buffer Overflow
Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Date: 2018-09-19 Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000, 7200-01-01-1642 Tested on: IBM AIX PPC CVE: CVE-2017-3623 EBBISLAND /...
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Date: 2018-09-19 Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000, 7200-01-01-1642 Tested on: IBM AIX PPC CVE: CVE-2017-3623 EBBISLAND /...
JetBrains TeamCity 2018.2.4 - Remote Code Execution
Exploit Title: JetBrains TeamCity 2018.2.4 - Remote Code Execution Date: 2020-01-07 Exploit Author: Harrison Neal Vendor Homepage: https://www.jetbrains.com/ Software Link: https://confluence.jetbrains.com/display/TW/Previous+Releases+Downloads Version: 2018.2.4 for Windows CVE: CVE-2019-15039...
Three Charged for Working With Serial Swatter
The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target's address. Investigators say the men, aged 19 to 23, all carried out the attacks wit...
bario-neal.com XSS vulnerability
Open Bug Bounty ID: OBB-584783. Affected Website: bario-neal.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Facebook Web Security Bug Bounty: Directory Traversal Vulnerability / RCE In Parse.com
http://parse.com directory traversal vulnerability. Little Insight: http://parse.com was vulnerable to a directory traversal / RCE vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem, or run commands on that. Well, this is my 4t...
Nodejs js-yaml load() Code Exec
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Nodejs js-yaml load() Code Execution
This module can be used to abuse node.js applications that parse user-supplied YAML input using the load function from the 'js-yaml' package 'Nodejs js-yaml load Code Execution', 'Description' = %q This module can be used to abuse node.js applications that parse user-supplied YAML input using the...
BREACH decodes HTTPS encrypted data in 30 seconds
A new hacking technique dubbed BREACH can extract login tokens, session ID numbers and other sensitive information from SSL/TLS encrypted web traffic in just 30 seconds. The technique was demonstrated at the Black Hat security conference in Las Vegas Presentation PDF & Paper by Gluck along with...
nginx 0.6.x Arbitrary Code Execution NullByte Injection Vulnerability
Exploit for multiple platform in category web applications Exploit Title: nginx Arbitrary Code Execution NullByte Injection Date: 24/08/2011 Exploit Author: Neal Poole Vendor Homepage: http://nginx.org/ Software Link: https://launchpad.net/nginx/0.6/0.6.36/+download/nginx-0.6.36.tar.gz Version:...
nginx 0.6.x Arbitrary Code Execution NullByte Injection
No description provided by source. Exploit Title: nginx Arbitrary Code Execution NullByte Injection Date: 24/08/2011 Exploit Author: Neal Poole Vendor Homepage: http://nginx.org/ Software Link: https://launchpad.net/nginx/0.6/0.6.36/+download/nginx-0.6.36.tar.gz Version: 0.5., 0.6., 0.7 = 0.7.65,...
Nginx 0.6.x - Arbitrary Code Execution NullByte Injection
Nginx 0.6.x - Arbitrary Code Execution NullByte Injection Exploit Title: nginx Arbitrary Code Execution NullByte Injection Date: 24/08/2011 Exploit Author: Neal Poole Vendor Homepage: http://nginx.org/ Software Link: https://launchpad.net/nginx/0.6/0.6.36/+download/nginx-0.6.36.tar.gz Version:...