1434 matches found
Arbitrary File Overwrite
JSNAPy is vulnerable to arbitrary file overwrite attacks. The default configuration and sample files are created world writable, allowing a local malicious user to edit files in the /etc/jsnapy directory...
CVE-2017-18255
The perfcputimemaxpercenthandler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation...
DEBIAN-CVE-2017-18255
The perfcputimemaxpercenthandler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation...
CVE-2017-18255
The perfcputimemaxpercenthandler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation...
Integer overflow
The perfcputimemaxpercenthandler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation...
CVE-2017-18255
The perfcputimemaxpercenthandler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service integer overflow or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation...
CVE-2017-9694
While parsing Netlink attributes in QCAWLANVENDORATTREXTSCANBSSIDHOTLISTPARAMSLOSTAPSAMPLESIZE in qcacld 2.0 before 2017-05-16, a buffer overread could occur...
Nessus plug-in“arms”tutorial-vulnerability warning-the black bar safety net
! Overview In a recent internal penetration test, we need to use a Java two-stage deserialization vulnerability. In this article, we will tell you how to transform the Nessus plugin, because the plugin was originally only the use of an existing RCE vulnerability, but we will teach you how to...
[SECURITY] Fedora 27 Update: libsamplerate-0.1.9-1.fc27
Secret Rabbit Code is a sample rate converter for audio. It is capable of arbitrary and time varying conversions. It can downsample by a factor of 12 and upsample by the same factor. The ratio of input and output sample rates can be a real number. The conversion ratio can also vary with time for...
Threat Outbreak Alert RuleID32015: Email Messages Distributing Malicious Software on February 20, 2018
Medium Alert ID: 56873 First Published: 2018 February 20 16:42 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32015 may contain the following files: Name |...
Year-Old Coldroot RAT Targets MacOS, Still Evades Detection
Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers. The RAT is cross-platform and capable of planting a keylogger on MacOS systems prior to the OS High Sierra and is designed to steal banking credentials. Coldro...
Dr. Mine - Tool To Aid Automatic Detection Of In-Browser Cryptojacking
Dr. Mine is a node script written to aid automatic detection of in-browser cryptojacking. The most accurate way to detect things that happen in a browser is via browser itself. Thus, Dr. Mine uses puppeteer to automate browser thingy and catches any requests to online cryptominers. When a request...
web2py sample Web application command execution vulnerability
web2py is a set of open source Web framework written in Python , it supports rapid development of database-driven Web-based applications . sample web application is one of the Web application template . A security vulnerability exists in the sample web application in versions of web2py prior to...
Geovision Inc. IP Camera Video - Remote Command Execution
Geovision Inc. IP Camera Video - Remote Command Execution !/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all...
CVE-2017-16599
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
bplans.com XSS vulnerability
Open Bug Bounty ID: OBB-524419 Description| Value ---|--- Affected Website:| bplans.com Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure...
sampledesignbook90.godo.co.kr XSS vulnerability
Open Bug Bounty ID: OBB-485076 Description| Value ---|--- Affected Website:| sampledesignbook90.godo.co.kr Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Disclosure Standard:| Coordinated...
Auto Generate Data Sample 1.0 Cross Site Scripting
Exploit Title: Auto Generate Data Sample PHP - xss Google Dork: N/A Date: 2017/31/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://www.codester.com/niagawebster Software Buy: https://www.codester.com/items/5580/auto-generate-data-sample-php Demo:...
NoSQL Exploitation Framework 2.0 - A Framework For NoSQL Scanning and Exploitation
A FrameWork For NoSQL Scanning and Exploitation Framework Authored By Francis Alexander. Added Features: First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra Support For NoSQL WebAPPS Added payload list for JS Injection,Web application Enumeration. Scan Support for...
Threat Outbreak Alert RuleID31616: Email Messages Distributing Malicious Software on December 14, 2017
Medium Alert ID: 56263 First Published: 2017 December 14 14:09 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31616 may contain the following files: Name |...