2528 matches found
CVE-2018-2730
Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications subcomponent: Cross Pillar. The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail...
Apple macOS - IOHIDSystem Kernel ReadWrite
Apple macOS - IOHIDSystem Kernel ReadWrite Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid for so...
CVE-2017-5257
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or guesses the SNMP read/write RW community string can insert XSS strings in certain SNMP OIDs which will execute in the context of the currently-logged on user...
CVE-2017-5258
In version 3.5 and prior of Cambium Networks ePMP firmware, an attacker who knows or can guess the RW community string can provide a URL for a configuration file over SNMP with XSS strings in certain SNMP OIDs, serve it via HTTP, and the affected device will perform a configuration restore using...
BrightSign Digital Signage (4k242) Directory Traversal Vulnerability
The BrightSign Digital Signage 4k242 is a multimedia playback device from BrightSign USA. A directory traversal vulnerability exists in the BrightSign Digital Signage 4k242 using firmware version 6.2.63 and earlier. An attacker can exploit the vulnerability by sending the 'rp' parameter to the...
ALPINE-CVE-2017-3737
OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...
UBUNTU-CVE-2017-3737
OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...
Microsoft Edge Chakra CFG Bypass By Overwriting JavaScript Bytecode Vulnerability
Chakra suffers from a CFG bypass by overwriting JavaScript bytecode. Chakra: CFG bypass by overwriting JavaScript bytecode Assume an attacker has the ability to overwrite Chakra's bytecode, either through a read/write primitive or through an overflow type vulnerability. Let's take a look at the...
Claymore's Dual Ethereum Miner unauth stack buffer overflow(CVE-2017-16929)
VuNote =================== Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-16929 Version: 0.2 Date: Nov 30th, 2017 Tag: claymore dual ethereum decred crypto currency miner Overview -------- Name: Claymore's Dual ETH + DCR/SC/LBC/PASC GPU Miner Vendor: nanopool/claymore...
CVE-2017-16929
The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathna...
Qemu: exec: oob access during dma operation
Quick Emulator QEMU, compiled with qemumapramptr to access guests' RAM block area, is vulnerable to an OOB r/w access issue. The crash can occur if a privileged user inside a guest conducts certain DMA operations, resulting in a DoS...
Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation
// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...
Linux Kernel 4.13 (Ubuntu 17.10) - waitid() SMEPSMAPChrome Sandbox Privilege Escalation
Linux Kernel 4.13 Ubuntu 17.10 - waitid SMEPSMAPChrome Sandbox Privilege Escalation // Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In thi...
SAP Point of Sale Xpress Server Access Authentication Vulnerability
SAP Point of Sale POS is a sales management system from SAP, Germany, of which Xpress Server is an Xpress server. A security vulnerability exists in Xpress Server in SAP POS, which stems from the program failing to require authentication. An attacker could exploit the vulnerability to...
CPUID CPU-Z Arbitrary Read/Write Privilege Elevation Vulnerability
CPUID CPU-Z is a free software package for collecting information about system devices. A security vulnerability exists in versions of CPUID CPU-Z prior to 1.43, which originates from a program that can send ioctl 0x9C402430 calls to the kernel mode driver to exploit the vulnerability by writing ...
CVE-2017-10397
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications subcomponent: BaseMasterPage. The supported version that is affected is 9.0.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2017-10304
Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products subcomponent: Security. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM...
CVE-2017-10265
Vulnerability in the Oracle Integrated Lights Out Manager ILOM component of Oracle Sun Systems Products Suite subcomponent: System Management. The supported version that is affected is Prior to 3.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2017-10055
Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware subcomponent: Admin Graphical User Interface. The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Oracle Siebel CRM Siebel UI Framework Component Unauthorized Operation Vulnerability (CNVD-2017-32188)
Oracle Siebel CRM is the United States Oracle Oracle company's set of customer relationship management solutions , which includes sales management , marketing management , customer service systems , call centers and other modules.Siebel UI Framework is one of the framework components based on the...