11967 matches found
Carbon Black’s Global Incident Response Threat Report: The Ominous Rise of “Island Hopping” & Counter Incident Response Continues
To stay abreast of the current attack landscape and to quantify the latest attack trends seen by leading IR firms, Carbon Black is publishing its third Global Incident Response Threat Report GIRTR since introducing it in July 2018. Aggregating qualitative and quantitative input from 40 Carbon Bla...
CVE-2019-5025
...
Airbnb Clone Script - Multiple SQL Injection
Airbnb Clone Script - Multiple SQL Injection Exploit Title: Homey BNB Airbnb Clone Script - Multiple SQL Injection Date: 27.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.doditsolutions.com/airbnb-clone-script/ Demo Site: http://sitedemos.in/homeybnb/ Version: V4 Tested on...
NVIDIA Arbitrary File Writes to Command ExecutionCVE-2019-5674
The post NVIDIA Arbitrary File Writes to Command Execution CVE-2019-5674 appeared first on Rhino Security Labs...
Jettweb Hazır Rent A Car Scripti V4 - SQL Injection
Exploit Title: Jettweb Hazır Rent A Car Scripti V4 - SQL Injection Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/u-46-php-hazir-rent-a-car-scripti-v4.html Demo Site: http://rentv4.proemlaksitesi.net/ Version: V4 Tested on: Kali Linux CVE: N/A ----- PoC 1:...
Medtronic defibrillators vulnerable to life threatening cyber attacks
By Waqas Defibrillators are electronic devices manufactured to save the lives of people with life-threatening heart conditions such as Hypertrophic Cardiomyopathy HCM. But now, according to the Department of Homeland Security DHS, Medtronic defibrillators are vulnerable to cyber attacks allowing...
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject Attached is a PoC file that bypasses Flash click2play in Microsoft Edge. This was tested on Windows 10 64bit v 1809 with the latest patches applied. The PoC currently loads a swf from wwwimages.adobe.com screenshot...
libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons Exploit
When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons NE, EQ, MASKEDEQ and arithmetic comparisons LT, LE, GE, GT. Bitwise comparisons...
Netartmedia Jobs Portal 6.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Netartmedia Jobs Portal 6.1 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/jobsportal/ Demo Site: https://www.ittjobs.com/ Version: 6.1 Tested on: Kali Linux CVE: N/A ----- PoC SQL...
WinRAR 5.61 - Path Traversal Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python3 import os import re import zlib import binascii The archive filename you want rarfilename = "test.rar" The evil file you want to run evilfilename = "calc.exe" The decompression path you want, such shown below...
WordPress 5.0.0 Remote Code Execution analytical thinking-vulnerability warning-the black bar safety net
2 on the 20th, and RIPS the team in the official website discloses a WordPress 5.0.0 Remote Code Execution, CVE number CVE-2019-6977, the article mainly mentioned in the author permissions to the account, you can modify the Post Meta variable coverage, directory traversal write the file, the...
CVE-2017-16486
...
CVE-2017-16431
...
CVE-2017-17276
...
CVE-2015-7953
CVE-2015-7953 entry is rejected/not used and does not represent an active vulnerability entry.
CVE-2017-16480
...
CVE-2017-16469
...
CVE-2015-8121
...
CVE-2015-8054
CVE-2015-8054 entry is rejected/not used and does not represent an active vulnerability.
CVE-2017-13114
This CVE entry is rejected/not used; the candidate number should not be used.