
3242 matches found

Hacker One
added 2016/04/20 8:6 p.m., 28 views

HackerOne: Manipulate report timeline activity by using null byte.

Null bytes are not permitted in report body, or even in report title. But that can be used in the comment section of self-closing for reporter and change-status for team. When a null byte is used as a comment, that report timeline activity disappears! For example:...

Exploits: 0

seebug.org
added 2016/04/12 12:0 a.m., 18 views

Ourphp CMS comment section SQL injection vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

myhack58
added 2016/04/09 12:0 a.m., 21 views

Constructing a ROP chain through ELF dynamic loading: Return-to-dl-resolve

Anyone who has played CTF games knows that PWN-type challenges generally provide an executable program together with the libc library that the program dynamically links against. From libc.so you can get the offset addresses of library functions, combined with leaking the GOT table in the libc...

AI score: 7.5
Exploits: 0

Openbugbounty
added 2016/03/27 2:19 p.m., 13 views

dailyastorian.com XSS vulnerability

Vulnerable URL: http://www.dailyastorian.com/apps/pbcs.dll/section?category=staff=staffProfilePages%22/%3E%3Csvg/onload=alert%28%27XSSPOSED%27%29%3E=ebengel Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicl...

AI score: 6.3
Exploits: 0

Hacker One
added 2016/03/26 6:36 p.m., 13 views

LocalTapiola: Posting modified information in 'Investment section' will cause unintended information change in verkkopalvelu.tapiola.fi

Hello, Some strange account information modification is ongoing when intercepting and making small modifications to requests in 'investment section'. Login to portal and go to buy shares https://verkkopalvelu.tapiola.fi/jb2/ltvr/purchases or similar and pic 2025 A shares, intercept requests and...

AI score: 6.8
Exploits: 0

Openbugbounty
added 2016/03/25 2:37 a.m., 11 views

sescrio.org.br XSS vulnerability

Vulnerable URL: http://www.sescrio.org.br/noticias?keys=%22%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 366578 Google Pagerank|...

AI score: 6.3
Exploits: 0

Exploit DB
added 2016/03/24 12:0 a.m., 30 views

Linux/x86_x64 - execve/bin/sh - 26 bytes

Linux/x86x64 - execve/bin/sh - 26 bytes. Shellcode exploit for linx86-64 platform / --------------------------------------------------------------------------------------------------- Linux/x86x64 - execve/bin/sh - 26 bytes Ajith Kp @ajithkp560 http://www.terminalcoders.blogspot.com Om Asato Maa...

Exploits: 0

exploitpack
added 2016/03/23 12:0 a.m., 23 views

Avira - Heap Underflow Parsing PE Section Headers

Avira - Heap Underflow Parsing PE Section Headers Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=765 One of the things you might expect an Antivirus engine to do reliably is parse PE files. However, after some simple testing with Avira, I found a heap underflow that is, writing...

AI score: 0.2
Exploits: 0

Exploit DB
added 2016/03/23 12:0 a.m., 29 views

Avira - Heap Underflow Parsing PE Section Headers

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=765 One of the things you might expect an Antivirus engine to do reliably is parse PE files. However, after some simple testing with Avira, I found a heap underflow that is, writing before a heap allocation parsing section headers...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2016/03/11 12:0 a.m., 37 views

Amazon Linux AMI : tomcat6 (ALAS-2016-656)

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. CVE-2014-7810 It was found that Tomcat would keep connections open after processing requests with a...

CVSS: 7.8, AI score: 6.5, EPSS: 0.20318
Exploits: 0, References: 3

Vulnerability Lab
added 2016/02/21 12:0 a.m., 23 views

Ubiquiti Networks BB #9 - Invoice Persistent Vulnerabilities

Document Title: =============== Ubiquiti Networks BB 9 - Invoice Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1728 http://www.vulnerability-lab.com/getcontent.php?id=1739 Video View: https://www.youtube.com/watch?v=5uiXWxJzN...

Exploits: 0

Exploit DB
added 2016/02/01 12:0 a.m., 28 views

WPS Office < 2016 - '.doc' OneTableDocumentStream Memory Corruption

Application: WPS Office Platforms: Windows Versions: Version before 2016 Author: Francis Provencher of COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== WPS Office an acronym for Writer, Presentation and Spreadsheets,2...

AI score: 7.4
Exploits: 0

Vulnerability Lab
added 2016/01/26 12:0 a.m., 46 views

WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability

Document Title: =============== WebMartIndia CMS 2016 Q1 - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1681 Release Date: ============= 2016-01-26 Vulnerability Laboratory ID VL-ID: ==================================== 167...

AI score: 7.1
Exploits: 0

Openbugbounty
added 2016/01/11 7:48 a.m., 15 views

marca.com XSS vulnerability

Vulnerable URL: http://www.marca.com/blogs/real-madridalert/XSSPOSED/...

AI score: 6.9
Exploits: 0

Talos
added 2016/01/08 12:0 a.m., 43 views

Apple Quicktime mdat Corruption Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0020 Apple Quicktime mdat Corruption Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7088 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...

CVSS: 6.8, AI score: 6.4, EPSS: 0.01691
Exploits: 0

Talos
added 2016/01/08 12:0 a.m., 32 views

Apple Quicktime mdat Corruption Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2016-0021 Apple Quicktime mdat Corruption Denial of Service Vulnerability January 8, 2016 CVE Number CVE-2015-7089 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the content of the mdat section of a .mov file...

CVSS: 6.8, AI score: 6.4, EPSS: 0.01648
Exploits: 0

OpenVAS
added 2015/12/17 12:0 a.m., 48 views

Debian: Security Advisory (DSA-3428-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5, AI score: 7, EPSS: 0.13872
Exploits: 0, References: 3

Openbugbounty
added 2015/12/09 1:17 p.m., 15 views

nexc.com XSS vulnerability

Vulnerable URL: http://www.nexc.com/jobmart/nexclassifieds/profapply/index.cfm?email=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E=06=JS-201109-13958 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly...

AI score: 6.3
Exploits: 0

Tenable Nessus
added 2015/12/08 12:0 a.m., 33 views

OracleVM 3.3 : libxml2 (OVMSA-2015-0152)

The remote OracleVM system is missing necessary patches to address critical security updates : - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball - Fix a series of CVEs rhbz1286495 - CVE-2015-7941 Cleanup conditional section error handling -...

CVSS: 7.1, AI score: 7.5, EPSS: 0.0721
Exploits: 2, References: 10

OSV
added 2015/12/03 8:59 p.m., 0 views

UBUNTU-CVE-2015-8078

Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the sectionoffset variable. NOTE: this vulnerability exists because of an incomplete fix for...

CVSS: 7.5, AI score: 7.4, EPSS: 0.02753
Exploits: 0, References: 2