Lucene search

487 matches found

NVD
added 2017/06/14 5:29 p.m., 21 views

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store arbitrary JavaScript code to be executed when normal users log in and access policies...

CVSS 4.8 | AI score 4.9 | EPSS 0.00206
Exploits: 0 | References: 2

OSV
added 2017/06/14 5:29 p.m., 15 views

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store arbitrary JavaScript code to be executed when normal users log in and access policies...

CVSS 4.8 | AI score 6.1
Exploits: 0 | References: 2

Cvelist
added 2017/06/14 5:00 p.m., 25 views

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store arbitrary JavaScript code to be executed when normal users log in and access policies...

AI score 5.1 | EPSS 0.00206
Exploits: 0 | References: 2

Prion
added 2017/06/07 6:29 p.m., 17 views

Null pointer dereference

VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs...

CVSS 2.1 | AI score 6.6 | EPSS 0.00046
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2017/06/07 6:00 p.m., 23 views

CVE-2017-4900

VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL pointer dereference vulnerability that exists in the SVGA driver. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs...

AI score 5.9 | EPSS 0.00046
Exploits: 0 | References: 3

OSV
added 2017/06/07 3:29 p.m., 2 views

CVE-2017-7564

In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers...

CVSS 7.5 | AI score 5.8 | EPSS 0.00457
Exploits: 0 | References: 1

myhack58
added 2017/05/20 12:00 a.m., 48 views

Authentication vulnerability disclosed in the Uber platform; exploiting it can reset any account's password

Italian security expert Vincenzo C. Aka found an authentication vulnerability in the Uber platform that can be used to reset the password of any account; the discovery was officially announced yesterday. In fact, the vulnerability that initiated the "authentication crisis" is in the seven months...

AI score 0.1
Exploits: 0

Veracode
added 2017/03/09 4:36 a.m., 15 views

Stored Cross-Site Scripting (XSS)

Apache Ranger is vulnerable to stored cross-site scripting (XSS) attacks. When entering custom policy conditions, admin users can store arbitrary JavaScript code to be executed when normal users log in and access policies...

CVSS 4.8 | AI score 5.2 | EPSS 0.00206
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm
added 2017/03/07 12:00 a.m., 45 views

Western Digital My Cloud Buffer Overflow

Stack-based buffer overflow in Western Digital My Cloud allows for remote code execution. Remco Vermeulen, January 2017...

AI score 0.2
Exploits: 0

BDU FSTEC
added 2017/02/02 12:00 a.m., 2 views

Vulnerability in the LibTIFF library that allows an attacker to cause a denial of service

The vulnerability in the TIFFFetchNormalTag function of the LibTIFF library arises from an operation that goes beyond the bounds of a buffer on the stack. Exploiting this vulnerability can allow a malicious actor to cause a denial of service (memory overflow) by using a specially crafted file o...

CVSS 5 | AI score 7.3 | EPSS 0.00352
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2017/01/27 5:59 p.m., 3 views

ALPINE-CVE-2016-9448

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFFSETGETC16ASCII or TIFFSETGETC32ASCII to values that access 0-byte arrays. NOTE: this vulnerability exists because of an incomplete fix f...

CVSS 7.5 | AI score 6.9 | EPSS 0.0161
Exploits: 0 | References: 1

Packet Storm
added 2016/11/01 12:00 a.m., 27 views

Moodle CMS 3.1.2 Cross Site Scripting / File Upload

Title: Multiple Vulnerabilities - Moodle CMS -3.1.2 Application: Moodle CMS Versions Affected: = 3.1.2 Vendor URL: https://moodle.org/ Software URL: https://download.moodle.org/ Discovered by: Joel Vadodil Varghese Tested on: Windows 10 Pro Bugs: Persistent Cross Site Scripting, Non-Persistent...

Exploits: 0

0day.today
added 2016/08/02 12:00 a.m., 39 views

Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)

Exploit for php platform in category web applications. Open Upload 0.4.2 Remote Admin Add CSRF Exploit and Changing Normal user permission...

AI score 7.1
Exploits: 0

CNVD
added 2016/05/20 12:00 a.m., 1 view

SQL Injection Vulnerability in the Comprehensive Information Portal System of Nanjing Normal University Finance Department

The Nanjing Normal University Finance Department comprehensive information portal system is a financial management platform. A SQL injection vulnerability exists in the Nanjing Normal University Finance Department Comprehensive Information Portal System, which can be exploited by attackers to obtain...

AI score 7.6
Exploits: 0 | References: 1

Kitploit
added 2016/02/23 10:00 p.m., 25 views

Audit CouchDB - The Simple, Clear, CouchDB Security Assessment

Audit CouchDB is a simple tool with a powerful message. Given an Apache CouchDB URL, it will tell you everything you ever wanted to know about its security. Objective Audit CouchDB will perform the following actions: 1. Learn every possible fact about the couch, for example: What is the server...

AI score 7
Exploits: 0 | References: 3

Kitploit
added 2015/12/23 10:46 p.m., 34 views

Cookiescanner - Tool to Check the Cookie Flag for a Multiple Sites

Tool to make the web scan process easier by checking whether the Secure and HttpOnly flags are enabled in cookies, along with the path and expires attributes. This tool allows probing multiple URLs through an input file, by a Google domain looking in all subdomains, or by a single URL. Also, supports multiple output like...

AI score 7.3
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:00 a.m., 15 views

linux/x86 normal exit with random (so to speak) return value 5 bytes

No description provided by source. / linux/x86 normal exit w/ random so to speak return value - 5 bytes - izik [email protected] / char shellcode = \x31\xc0 // xor %eax,%eax \x40 // inc %eax \xcd\x80; // int $0x80 int mainint argc, char argv int ret; ret = int &ret + 2; ret = int shellcode; //...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 11 views

phpauctionsystem (xss/sql) Multiple Vulnerabilities

No description provided by source. PHPAuctionSystem Author:x0r Email:[email protected] Cms:PhpAuctionSystemvnew Cmsprice:$59.99 Demo:http://www.phpauctions.info/demo/ BugIn:\profile.phpBlind\Normal Sql Injection ExploitBlind: profile.php?userid=29%20and%20substring@@version,1,1=5--...

AI score 7.1
Exploits: 0

Packet Storm
added 2013/12/16 12:00 a.m., 20 views

iScripts Support Desk 4.1 SQL Injection

Normal Sql postticketbeforeregistersave.php Staff table post : txtname=faris&[email protected]&prty=0&deptid=11 /!1337andselect 1 fromselect count,concatselect select select distinct concat0x7e,0x27,unhexHexcasttablename as char,0x27,0x7e from informationschema.tables where tableschema=databas...

AI score 0.1
Exploits: 0

Kitploit
added 2013/10/02 10:52 p.m., 25 views

[jSQL Injection v0.5] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). jSQL Injection change log - version 0.5 0.5 SQL shell Uploader 0.4 Admin page checker and preview Brute forcer md5...

AI score 8.2
Exploits: 0