Microsoft Office 2013 APP-V ASLR Bypass Vulnerability (3118268)

This host is missing a critical security update according to Microsoft Bulletin MS16-107. This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Automate Getting Domain Admin Using Empire: DeathStar

DeathStar is a Python script that uses Empire’s RESTful API to automate gaining Domain Admin rights in Active Directory environments using a variety of techinques. Installation Currently, for Death Star to work you’re going to have to install byt3bl33d3r’s fork of Empire until this pull request...

Man-in-the-middle Router

Turn any linux computer into a public Wi-Fi network that silently mitms all http traffic. Runs inside a Docker container using hostapd , dnsmasq , and mitmproxy to create a open honeypot wireless network named “Public”. For added fun, change the network name to “xfinitywifi” to autoconnect anyone...

libmad 'mad_decoder_run' function denial of service vulnerability

libmad is an open source MPEG audio decoding library that provides 24-bit PCM output for platforms without floating point support. A security vulnerability exists in the 'maddecoderrun' function of the decoder.c file in libmad version 0.15.1b. A remote attacker can exploit this vulnerability to...

Microsoft Releases Outlook Patches, Fixes Broken Update

During the heat of Black Hat last week, Microsoft pushed out patches for Outlook that address three newly reported vulnerabilities. Last week’s update also included fixes for six of eight vulnerabilities left unpatched after issues were reported with the June Patch Tuesday update. The most seriou...

Cross-site Scripting (XSS)

Magmi is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary webscript through the profile parameter of web/magmi.php or through querystring to web/magmiimportrun.php...

Sitecore Cross-Site Scripting Vulnerability

Sitecore is an online marketing content management system CMS from Sitecore, Denmark. The system supports content editing, multiple languages, multi-site deployment, digital asset management and more. A cross-site scripting vulnerability exists in Sitecore version 8.2, which stems from the...

CVE-2017-11439

In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter...

Cross site scripting

In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter...

CVE-2017-11439

In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter...

UBUNTU-CVE-2017-11360

The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge numberpixels value...

ImageMagick 'coders/rle.c' Denial of Service Vulnerability

ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A security vulnerability exists in ImageMagick versions prior to 7.0.5-10, which stems from the failure of the...

CHAOS Framework - Generate Payloads and Control Remote Machines

CHAOS Framework allows generate payloads and controls remote machines. DISCLAIMER The use of the CHAOS Framework is COMPLETE RESPONSIBILITY of the END-USER. Developer assumes NO liability and is NOT responsible for any misuse or damage caused by this program. FEATURES Windows Remote Control...

Advantech WebOP Designer Heap Buffer Overflow Vulnerability

Advantech WebOP is an operator panel product. A heap buffer overflow vulnerability exists in Advantech WebOP Designer, which could be exploited by a remote attacker to submit a special request that could crash the application or execute arbitrary code...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-14503)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...

IrfanView .rle file buffer overflow vulnerability (CNVD-2017-14164)

IrfanView is an image viewer that supports image browsing, image editing, image format conversion and more. A buffer overflow vulnerability exists in IrfanView version 4.44 32-bit. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service with the help of...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-14490)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-14498)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-14492)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-19920)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...