The researchers published the iOS kernel exploit code-exploit warning-the black bar safety net

From the mobile security company Zimperium researchers Adam Donenfeld published zIVA kernel exploit program PoC code. zIVA affect iOS 10.3.1 and prior versions, an attacker can by zIVA using the code to get any read-write and root access. Apple 5 months to fix the vulnerability Apple to 5 months ...

de.greatxhamster.com XSS vulnerability

Vulnerable URL: http://de.greatxhamster.com/?search=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E=16=14 Details: Description| Value ---|--- Patched:| Yes, at 27.11.2017 Latest check for patch:| 27.11.2017 16:36 GMT Vulnerability type:| XSS Vulnerability status:...

Logpoint Remote Code Execution

Exploit Title: Unauthenticated remote root code execution on logpoint 5.6.4 Date: 11/06/17 Exploit Author: agix Vendor Homepage: https://www.logpoint.com Version: logpoint 5.6.4 Tested on: 5.6.2 Vendor contact 19/04 Exploit details sent to the vendor 24/04 Patch in test mode 05/05 Patch release t...

Logpoint < 5.6.4 - Root Remote Code Execution

Exploit Title: Unauthenticated remote root code execution on logpoint 5.6.4 Date: 11/06/17 Exploit Author: agix Vendor Homepage: https://www.logpoint.com Version: logpoint 5.6.4 Tested on: 5.6.2 Vendor contact 19/04 Exploit details sent to the vendor 24/04 Patch in test mode 05/05 Patch release t...

Sungard eTRAKiT3 3.2.1.17 - SQL Injection

Sungard eTRAKiT3 3.2.1.17 - SQL Injection Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticat...

Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection

Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticated user. Vulnerabilities ================...

Sophos Web Appliance 4.3.1.1 - Session Fixation Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Sophos Secure Web Appliance Session Fixation Vulnerability Date: 28/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: https://www.sophos.com/en-us/products/secure-web-gateway.aspx Version: Tested ...

SquirrelMail Remote Code Execution Vulnerability Patched

Developers behind the PHP-based webmail package SquirrelMail patched a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the system on Thursday. Dawid Golunski, a researcher with Legal Hackers discovered the vulnerability and...

Acknowledgement of Attacks Leveraging Microsoft Zero-Day

FireEye recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. This vulnerability allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. FireEye has observed several Office...

Microsoft Windows LoadUvsTable() Buffer Overflow

Date: 15-03-2017 Author: Hossein Lotfi https://twitter.com/hosselot CVE: CVE-2016-7274 1. Description An integer overflow error within the "LoadUvsTable" function of usp10.dll can be exploited to cause a heap-based buffer overflow. Full analysis is available at:...

Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow

Date: 15-03-2017 Author: Hossein Lotfi https://twitter.com/hosselot CVE: CVE-2016-7274 1. Description An integer overflow error within the "LoadUvsTable" function of usp10.dll can be exploited to cause a heap-based buffer overflow. Full analysis is available at:...

Steam Profile Integration 2.0.11 - SQL injection

Exploit Title: IPS Community Suite - Steam Profile Integration 2.0.11 and below SQL injection Google Dork: inurl:tab=nodesteamsteamprofile Date: 13/03/2017 Exploit Author: DrWhat Vendor Homepage: https://invisionpower.com/files/file/8170-steam-profile-integration/ Software Link:...

Check Box 2016 Q2 Survey Directory Traversal / Open Redirection

Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor Homepage: https://www.checkbox.com/ Software Link:...

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

Check Box 2016 Q2 Survey - Multiple Vulnerabilities Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor...

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor Homepage: https://www.checkbox.com/ Software Link:...

Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass

Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...

Django security restrictions bypass Vulnerability(CVE-2 0 1 6-7 4 0 1)-vulnerability warning-the black bar safety net

Affected system: Django Django 1.8.15 Django Django 1.9. x 1.9.10 Description: BUGTRAQ ID: 9 3 1 8 2 CVECAN ID: CVE-2 0 1 6-7 4 0 1 Django is the Python programming language to drive an open source Web application framework. Django 1.8.15, and 1.9. x 1.9.10 version, cookie parsing code with the...

Phire CMS 2.0.0 Cross Site Scripting

Title Phire CMS HTTP Request POST /phirecms/phire/config HTTP/1.1 Headers: ... Post Data: datetimeformat=&datetimeformatcustom=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&pagination=25&systemtheme=default&submit=Save HTTP Response...

Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities

Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed...

Open-Xchange Guard 2.4.2 - Multiple Cross Site Scripting

Exploit for linux platform in category web applications Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed...