224 matches found
Solaris 10 (sparc) : 149175-13
SunOS 5.10: qlc patch. Date this patch was last updated by Sun : Jan/16/18 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid107681; scriptversion"1.4"; scriptcvsdate"Date: 2020/01/07...
Joyent SmartOS SMBIOC_TREE_RELE elevation of privilege vulnerability
Joyent SmartOS is a set of open source operating system from Joyent, USA. A security vulnerability exists in the SMBIOCTREERELE ioctl in Joyent SmartOS release-20170803-20170803T064301Z, which stems from a program's failure to detect the existence of an object before performing an operation on it...
Advance Loan Management System - id SQL Injection
Advance Loan Management System - id SQL Injection Exploit Title: Advance Loan Management System - 'id' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link:...
Vitek RCE and Information Disclosure
Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22, 2017 Full Disclosure: 0-day heap: Executable + Non-ASLR stack:...
FS Shutter Stock Clone SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: FS Shutter Stock Clone - 'keywords' SQL Injection Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/shutterstock-clone/ Version: 24 October 17 Tested on: Kali...
FS Monster Clone - 'id' SQL Injection
Exploit Title: FS Monster Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/monster-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
Wordpress Car Park Booking Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Car Park Booking - SQL Injection Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/item/car-park-booking-wordpress-plugin/20284035 Software Link:...
Real Estate MLM Plan Script 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Real Estate MLM plan script v1.0 - 'srch' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.mlmscript.in/ Software Link: http://www.mlmscript.in/real-estate-mlm-script.html Version: 1.0...
Kaltura 13.1.0 Code Execution / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Advisory: Kaltura - Remote Code Execution and Cross-Site Scripting Release Date: 2017/09/12 Author: Robin Verton email protected CVE: CVE-2017-14141, CVE-2017-14142, CVE-2017-14143 Application: Kaltura = 13.1.0 Risk: Critical Vendor Status:...
RUSTSEC-2017-0008 `serial` crate is unmaintained
The serial crate is no longer maintained. Last release was on 2017-07-02. Possible alternatives Consider using an alternative, for instance the blocking librarys: - serial2 - serialport or async alternatives: - mio-serial - tokio-serial...
CVE-2016-9469
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix...
CVE-2016-9469
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix...
MS12-050: Description of the security update for SharePoint Server 2010 (coreserverloc): July 10, 2012
MS12-050: Description of the security update for SharePoint Server 2010 coreserverloc: July 10, 2012 INTRODUCTION Microsoft has released security bulletin MS12-050. To view the complete security bulletin, visit one of the following Microsoft websites: Home...
Security update 2016-10-11
...
Aura Video Converter 1.6.3 - DLL Hijacking Exploit
Document Title: =============== Aura Video Converter 1.6.3 - DLL Hijacking Exploit References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1965 Release Date: ============= 2016-10-04 Vulnerability Laboratory ID VL-ID: ==================================== 1965...
Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass
No description provided by source. Cisco ASA 9.23 Authentication Bypass EXTRABACON Module Copyright: c 2016 RiskSense, Inc. https://risksense.com License: http://opensource.org/licenses/MIT Release Date: September 15, 2016 Authors: Sean Dillon 2E3C8D72353C9B8C9FF797E753EC4C9876D5727B Zachary...
Cisco ASA 9.2(3) - 'EXTRABACON' Authentication Bypass
Exploit for hardware platform in category remote exploits Cisco ASA 9.23 Authentication Bypass EXTRABACON Module Copyright: c 2016 RiskSense, Inc. https://risksense.com License: http://opensource.org/licenses/MIT Release Date: September 15, 2016 Authors: Sean Dillon...
Cisco ASA 9.2(3) - EXTRABACON Authentication Bypass
Cisco ASA 9.23 - EXTRABACON Authentication Bypass Cisco ASA 9.23 Authentication Bypass EXTRABACON Module Copyright: c 2016 RiskSense, Inc. https://risksense.com License: http://opensource.org/licenses/MIT Release Date: September 15, 2016 Authors: Sean Dillon 2E3C8D72353C9B8C9FF797E753EC4C9876D572...
Security update 2016-09-13
...
Cumulative Update for Windows 10 Version 1607: August 16, 2016
None None...