SquirrelMail Remote Code Execution Vulnerability Patched
On Thursday, developers behind the PHP-based webmail package SquirrelMail patched a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the system. Dawid Golunski, a researcher with Legal Hackers, discovered the vulnerability and...
Acknowledgement of Attacks Leveraging Microsoft Zero-Day
FireEye recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. This vulnerability allows a malicious actor to execute a Visual Basic script when the user opens a document containing an embedded exploit. FireEye has observed several Office...
Microsoft Windows LoadUvsTable() Buffer Overflow
Date: 15-03-2017 Author: Hossein Lotfi https://twitter.com/hosselot CVE: CVE-2016-7274 1. Description An integer overflow error within the "LoadUvsTable" function of usp10.dll can be exploited to cause a heap-based buffer overflow. Full analysis is available at:...
Microsoft Windows - 'LoadUvsTable()' Heap Buffer Overflow
Date: 15-03-2017 Author: Hossein Lotfi https://twitter.com/hosselot CVE: CVE-2016-7274 1. Description An integer overflow error within the "LoadUvsTable" function of usp10.dll can be exploited to cause a heap-based buffer overflow. Full analysis is available at:...
Steam Profile Integration 2.0.11 - SQL injection
Exploit Title: IPS Community Suite - Steam Profile Integration 2.0.11 and below SQL injection Google Dork: inurl:tab=nodesteamsteamprofile Date: 13/03/2017 Exploit Author: DrWhat Vendor Homepage: https://invisionpower.com/files/file/8170-steam-profile-integration/ Software Link:...
Check Box 2016 Q2 Survey - Multiple Vulnerabilities
Check Box 2016 Q2 Survey - Multiple Vulnerabilities Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor...
Check Box 2016 Q2 Survey Directory Traversal / Open Redirection
Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor Homepage: https://www.checkbox.com/ Software Link:...
Check Box 2016 Q2 Survey - Multiple Vulnerabilities
Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor Homepage: https://www.checkbox.com/ Software Link:...
Dell SonicWALL Global Management System (GMS) 8.1 Adobe Flex SOP Bypass
Summary Provide your organization, distributed enterprise or managed service offering with an intuitive, powerful way to rapidly deploy and centrally manage SonicWall solutions, with SonicWall GMS. Get more value from your firewall, secure remote access, anti-spam, and backup and recovery solutio...
Django Security Restrictions Bypass Vulnerability (CVE-2016-7401) - vulnerability warning - the black bar safety net
Affected system: Django Django 1.8.15 Django Django 1.9.x 1.9.10 Description: BUGTRAQ ID: 93182 CVE(CAN) ID: CVE-2016-7401 Django is an open source Web application framework written in the Python programming language. Django 1.8.15, and 1.9.x 1.9.10 version, cookie parsing code with the...
Phire CMS 2.0.0 Cross Site Scripting
Title Phire CMS HTTP Request POST /phirecms/phire/config HTTP/1.1 Headers: ... Post Data: datetimeformat=&datetimeformatcustom=%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&pagination=25&systemtheme=default&submit=Save HTTP Response...
Open-Xchange Guard 2.4.2 - Multiple Cross Site Scripting
Exploit for linux platform in category web applications Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed...
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities
Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.4.0-rev11, 2.4.2-rev5...
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities
Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed...
Open-Xchange App Suite 7.8.2 - Cross Site Scripting
Exploit for cgi platform in category web applications Product: OX App Suite Vendor: OX Software GmbH Internal reference: 46484 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.8.2 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status:...
Open-Xchange App Suite 7.8.1 Cross Site Scripting
Product: OX App Suite Vendor: OX Software GmbH Internal reference: 45796 / 45811 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.8.1 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.2-rev44,...
WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload
WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload Exploit Title: WP Mobile Detector =3.5 Arbitrary File upload Google Dork: inurl: /wp-includes/plugins/wp-mobile-detector Date: 1-06-2015 Exploit Author: Aaditya Purani Author Details: https://aadityapurani.com Vendor:...
Notilus 2012 R3 SQL Injection
Exploit Title: Notilus SQL injection Product: Notilus travel solution software Vulnerable Versions: 2012 R3 Tested Version: 2012 R3 Advisory Publication: 03/06/2016 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' CWE-89 CVE Reference: NONE...
IBM Cognos 11.0 Content Spoofing
Content Spoofing Vulnerability in IBM Cognos Analytics Applications Advisory 5190 Patch Release - 30 May 2016 Public Release - 03 June 2016 CVE-2016-0398 The IBM Security Bulletins associated with this CVE have been published at the following URLs: IBM Cognos Analytics 11.0...
CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning
Exploit for php platform in category web applications Web Server Cache Poisoning in CMS Made Simple CVE-2016-2784 Product Description CMS Made Simple is a great tool with many plugins t...