ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions Exploit

Exploit for windows platform in category dos / poc ActivePDF Toolkit 8.1.0 multiple RCE Introduction ============ The ActivePDF Toolkit is a Windows library which enhances business processes to stamp, stitch, merge, form-fill, add digital signatures, barcodes to PDF. Both .NET and native APIs are...

Shopify: myshopify.com domain takeover

Hello Shopify Security Team, I just received your email and I'm sorry for any inconvenience. Yes, it was me. Basically, I just tried to audit your website using some black box testing. Unfortunately, I didn't read about those guidelines, such as creating a store on https://partners.shopify.com/ a...

CVE-2018-7448

Summary: CVE-2018-7448 affects CMS Made Simple 2.1.6. During a fresh installation, an attacker can inject arbitrary PHP code via the “timezone” parameter in step 4, causing code to be written to the configuration file (config.php) and enabling OS command execution through a backdoor. These detail...

thttpd Buffer Overflow Vulnerability

The htpasswd implementation of thttpd is affected by a buffer overflow that can be exploited remotely to perform code execution. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Prototype Pollution

defaults-deep is vulnerable to prototype pollution attacks. Attackers can add or modify existing properties relating to an Object by using the utilities function to change the prototype of said Object. Using this flaw, attackers can trigger denial of service DoS attacks and in some situations...

New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks

It’s early in 2018 and we have already witnessed one of the top contenders in this year’s web application attacks. Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code...

μTorrent (uTorrent) ClassicWeb - JSON-RPC Remote Code Execution Information Disclosure

μTorrent uTorrent ClassicWeb - JSON-RPC Remote Code Execution Information Disclosure By default, utorrent create an HTTP RPC server on port 10000 uTorrent classic or 19575 uTorrent web. There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest. T...

CVE-2017-12533

A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version PLAT 7.3 E0504 was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 E0506 or any subsequent version...

CVE-2017-12520

A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version PLAT 7.3 E0504 was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 E0506 or any subsequent version...

CVE-2017-12554

A remote code execution vulnerability in HPE intelligent Management Center iMC PLAT iMC Plat 7.3 E0504P2 and earlier was found...

CVE-2017-12556

A Remote Code Execution vulnerability in HPE intelligent Management Center iMC PLAT version IMC Plat 7.3 E0504P2 and earlier was found...

CVE-2017-12492

A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version PLAT 7.3 E0504 was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 E0506 or any subsequent version...

CVE-2017-12561

A remote code execution vulnerability in HPE intelligent Management Center iMC PLAT version Plat 7.3 E0504P4 and earlier was found...

CVE-2016-8511

CVE-2016-8511 is a remote code execution in HP Network Automation via RPCServlet Java deserialization. The flaw allows sending crafted serialized data to RPCServlet to execute arbitrary code. Affected versions include HP Network Automation 9.1x, 9.2x, and 10.00.x before 10.00.021; 10.10.x before ...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

CVE-2017-5638 | Struts s2-045 Description It is possible t...

Reported Critical Vulnerabilities In Microsoft Software On the Rise

The number of reported vulnerabilities in Microsoft software has mounted from 325 in 2013 to 685 last year, a rise of 111 percent, according to new research. Moreover, there has also been a 54 percent increase in critical Microsoft vulnerabilities since 2016, researchers at Avecto said in their...

CVE-2018-0861

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836,...

CVE-2018-0852

CVE-2018-0852 affects multiple Microsoft Office/Outlook versions (Outlook 2007 SP3; 2017? not listed; Outlook 2010 SP2; 2013 SP1 and RT SP1; 2016; Office 2016 Click-to-Run). Vulnerability arises from how Outlook/Office handles objects in memory, enabling remote code execution. Impact is high (rem...

Google Chrome < 64.0.3282.167 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 64.0.3282.167. It is, therefore, affected by a vulnerability as referenced in the 201802stable-channel-update-for-desktop13 advisory. - Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prior ...

Microsoft Windows Internet Explorer Multiple RCE Vulnerabilities (KB4074736)

This host is missing a critical security update according to Microsoft KB4074736 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...