Lucene search
K

751 matches found

myhack58
myhack58
added 2019/01/25 12:0 a.m.62 views

Impact of 62 million devices: the interpretation I is how to find the Marvell Avastar Wi-Fi remote code execution vulnerability-vulnerability warning-the black bar safety net

One, overview In the present study, I will mainly analyze the Marvell WiFi-FullMAC SoC security. Since we have not yet completed the product with a chip of a wireless device of research, and therefore which may contain large amounts of unaudited code, which might appear serious security problems...

7.4AI score
Exploits0
Fedora
Fedora
added 2018/12/03 2:41 a.m.11 views

[SECURITY] Fedora 29 Update: php-Smarty2-2.6.31-2.fc29

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation...

1.5AI score
Exploits0
Fedora
Fedora
added 2018/12/03 1:39 a.m.10 views

[SECURITY] Fedora 28 Update: php-Smarty2-2.6.31-2.fc28

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation...

1.5AI score
Exploits0
CNVD
CNVD
added 2018/11/19 12:0 a.m.4 views

Vulnerability in the "User's Avatar" of the App of the East Presentation Association

East Presentation Club APP is a hotel booking platform. An override access vulnerability exists in the "user avatar" section of Dongcheng Club APP. An attacker can traverse the key field to obtain sensitive information of other users by grabbing packets...

6.5AI score
Exploits0
Apple
Apple
added 2018/11/17 12:29 p.m.122 views

About the security content of iOS 11.2.5 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

10CVSS0.8AI score0.07139EPSS
Exploits9Affected Software1
Kitploit
Kitploit
added 2018/11/09 8:48 p.m.84 views

Invisi-Shell - Hide Your Powershell Script In Plain Sight (Bypass All Powershell Security Features)

Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features ScriptBlock logging, Module logging, Transcription, AMSI by hooking .Net assemblies. The hook is performed via CLR Profiler API. Work In Progress This is still a preliminary version intended as a...

7.5AI score
Exploits0References1
NVD
NVD
added 2018/10/05 6:29 a.m.19 views

CVE-2015-9272

The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...

9.8CVSS9.8AI score0.04989EPSS
Exploits1References2
Prion
Prion
added 2018/10/05 6:29 a.m.17 views

Input validation

The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...

7.5CVSS8.5AI score0.04989EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/10/05 5:0 a.m.26 views

CVE-2015-9272

The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...

9.9AI score0.04989EPSS
Exploits1References2
CVE
CVE
added 2018/09/17 6:0 a.m.43 views

CVE-2018-17137

Prezi Next 1.3.101.11 is affected by an access bypass vulnerability described across multiple sources (e.g., CNVD-2018-19438, NVD CVE-2018-17137). The issue arises from SE_DEBUG_PRIVILEGE on Windows, which could allow attackers to bypass intended access restrictions in the context of HTML5 presen...

9.8CVSS9.3AI score0.014EPSS
Exploits1References1Affected Software1
Kitploit
Kitploit
added 2018/09/11 9:34 p.m.1893 views

MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...

7.3AI score
Exploits0References8
Talos Blog
Talos Blog
added 2018/08/08 10:59 a.m.47 views

Playback: A TLS 1.3 Story

Introduction Secure communications are one of the most important topics in information security, and the Transport Layer Security TLS protocol is currently the most used protocol to provide secure communications on the internet. For example, when you are connecting to your online banking...

7.1AI score
Exploits0
n0where
n0where
added 2018/07/02 3:11 p.m.311 views

Active Directory Reconnaissance: ADRecon

ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...

0.6AI score
Exploits0References3
n0where
n0where
added 2018/06/20 6:34 p.m.47 views

RF Fuzzing Framework: TumbleRF

TumbleRF is a framework that orchestrates the application of fuzzing techniques to RF systems. While fuzzing has always been a powerful mechanism for fingerprinting and enumerating bugs within software systems, the application of these techniques to wireless and hardware systems has historically...

7.2AI score
Exploits0References2
NVD
NVD
added 2018/06/16 1:29 a.m.15 views

CVE-2018-5754

Cross-site scripting XSS vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard...

5.4CVSS5.4AI score0.02976EPSS
Exploits5References3
Prion
Prion
added 2018/06/16 1:29 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard...

3.5CVSS5.8AI score0.02976EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2018/06/15 9:0 p.m.18 views

CVE-2018-5754

Cross-site scripting XSS vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard...

5.9AI score0.02976EPSS
Exploits5References3
Fedora
Fedora
added 2018/05/13 8:18 p.m.44 views

[SECURITY] Fedora 27 Update: libreoffice-5.4.6.2-6.fc27

LibreOffice is an Open Source, community-developed, office productivity sui te. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...

7.5CVSS1.3AI score0.78683EPSS
Exploits10
Fedora
Fedora
added 2018/05/11 9:15 p.m.35 views

[SECURITY] Fedora 28 Update: libreoffice-6.0.3.2-9.fc28

LibreOffice is an Open Source, community-developed, office productivity sui te. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...

7.5CVSS1.3AI score0.78683EPSS
Exploits6
Hacker One
Hacker One
added 2018/05/01 4:49 p.m.35 views

GitLab: XSS (Persistent) - Selecting role(s) for protected branches

Summary: When using the dropdown that selects the groups or users that are allowed to push or merge to a protected branch within a project, it is possible to trigger a XSS with a malicious user name string. Description: This vulnerability is similar to the recently announced CVE-2018-10379. The...

4.3CVSS6.1AI score0.00888EPSS
Exploits0
Rows per page
Query Builder