CVE-2018-17974

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlten10mbencode of the file plugins/dlten10mb/en10mb.c, due to inappropriate values in the function memmove. The length pktlen + ctx - l2len can be larger than source value packet +...

CVE-2018-17974

An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlten10mbencode of the file plugins/dlten10mb/en10mb.c, due to inappropriate values in the function memmove. The length pktlen + ctx - l2len can be larger than source value packet +...

CVE-2018-17827

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php...

DEBIAN-CVE-2015-9267

Nullsoft Scriptable Install System NSIS before 2.49 uses temporary folder locations that allow unprivileged local users to overwrite files. This allows a local attack in which either a plugin or the uninstaller can be replaced by a Trojan horse program...

Hotel Booking Engine 1.0 SQL Injection

Exploit Title: Hotel Booking Engine 1.0 - 'hroomtype' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-10-01 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/35 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-N/A PO...

Joomla Questions 1.4.3 Component - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component Questions 1.4.3 - SQL Injection Vendor Homepage: https://extensiondeveloper.com/ Software Link: https://extensions.joomla.org/extensions/extension/communication/question-a-answers/questions/ Version: 1.4.3...

Photon v1.1.4 - Incredibly Fast Crawler Designed For Recon

Incredibly Fast Crawler Designed For Recon. Key Features Data Extraction Photon can extract the following data while crawling: URLs in-scope & out-of-scope URLs with parameters example.com/gallery.php?id=2 Intel emails, social media accounts, amazon buckets etc. Files pdf, png, xml etc. Secret ke...

Arbitrary file deletion

CScms 4.1 allows arbitrary directory deletion via a dir=..\ substring to plugins\sys\admin\Plugins.php...

CVE-2018-17125

CScms 4.1 allows arbitrary directory deletion via a dir=..\ substring to plugins\sys\admin\Plugins.php...

CVE-2018-16979

Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943...

CVE-2018-1000773

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require...

Input validation

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require...

CVE-2017-1000600

WordPress version 4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has...

CVE-2018-7937

In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a malicious plug-in and trick users into...

Lynis 2.6.8 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

Amazon Linux 2 : thunderbird (ALAS-2018-1061)

Use-after-free when appending DOM nodes CVE-2018-12363 Use-after-free using focus CVE-2018-12360 Compromised IPC child process can list local filenames CVE-2018-12365 Buffer overflow using computed size of canvas element CVE-2018-12359 Using form to exfiltrate encrypted mail part by pressing ente...

CMSeeK v1.0.9 - CMS Detection And Exploitation Suite (Scan WordPress, Joomla, Drupal And 100 Other CMSs)

What is a CMS? A content management system CMS manages the creation and modification of digital content. It typically supports multiple users in a collaborative environment. Some noteable examples are: WordPress, Joomla, Drupal etc. Release History - Version 1.0.9 21-08-2018 - Version 1.0.8...

WordPress Popuplink.js Website Redirection

A number of malicious plugins exist in Wordpress. Websites incorporating those plugins may redirect users to malicious websites...

openSUSE Security Update : seamonkey (openSUSE-2018-867)

This update for seamonkey fixes the following issues : Mozilla SeaMonkey was updated to 2.49.4 : Now uses Gecko 52.9.1esr boo1098998. Security issues fixed with MFSA 2018-16 boo1098998 : - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when...

Deprecated / Disabled Plugins in Scan Policy - Notice

One or more plugins that were enabled in the scan policy have been either deprecated or disabled by Tenable with a notice to inform customers of the change. See plugin output for details on which plugins enabled in the scan policy have been deprecated or disabled and any other pertinent...