11967 matches found
CVE-2017-16431
...
CVE-2015-8054
CVE-2015-8054 entry is rejected/not used and does not represent an active vulnerability.
elFinder 2.1.47 Command Injection
!/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqid" : "1693222c439f4", "cmd" : "upload", "target" :...
Google Chrome M72 - PaymentRequest Service Use-After-Free
There are several object-lifetime issues in the browser process in the implementation of payments.mojom.PaymentRequest. The PaymentRequest object contains a std::unique_ptr to a PaymentRequestSpec, which is initialised during the call to...
Drupal < 8.6.9 - REST Module Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...
keystone/fuzz_asm_x86_16: Use-of-uninitialized-value in llvm_ks::MCAssembler::fragmentNeedsRelaxation
Detailed report: https://oss-fuzz.com/testcase?key=6301049676103680 Project: keystone Fuzzer: libFuzzer_keystone_fuzz_asm_x86_16 Fuzz target binary: fuzz_asm_x86_16 Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State:...
Apple macOS 10.13.5 - Local Privilege Escalation Exploit
Exploit for macOS platform in category local exploits import import import import import import import "offsets.h" //utils define ENFORCEa, label \ do \ if builtinexpect!a, 0 \ \ timedlog"! %s is false l.%d\n", a, LINE; \ goto label; \ \ while 0 // from...
[SECURITY] Fedora 29 Update: jackson-datatype-jdk8-2.9.8-1.fc29
Java 8 Datatypes: support for other new Java 8 data types outside of date/time: most notably Optional, OptionalLong, OptionalDouble...
CVE-2019-5715: Reflected SQL Injection through Form and DataObject
More info at https://www.silverstripe.org/download/security-releases/ss-2018-021...
[SECURITY] Fedora 28 Update: python-markdown2-2.3.7-1.fc28
Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...
National Instruments NI Package Manager Detection (Windows SMB Login)
Detects the installed version of Cogent DataHub for Windows. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2018-18895
...
Ntopng on Security Onion
so16@so16:$ mkdir git so16@so16:$ cd git so16@so16:/git$ ls so16@so16:/git$ wget --no-check-certificate https://github.com/branchnetconsulting/so-ntopng-installer/raw/master/installntopngonso16 --2019-02-11 02:48:02--...
InnoGames: Information disclosure via ".htaccess" at https://login.innogames.de
Hi team, I found an insecure file. Name: htaccess. Normally, only the web server is allowed to read the .htaccess file, but in this case, it appears that there is a misconfiguration that is causing the contents of the .htaccess located at https://login.innogames.de/.htaccess to download file and read...
Code injection
inxedu through 2018-12-24 has a vulnerability that can lead to the upload of a malicious JSP file. The vulnerable code location is com.inxedu.os.common.controller.VideoUploadControllergok4 com/inxedu/os/common/controller/VideoUploadController.java. The attacker uses the /video/uploadvideo fileTyp...
Solaris pfexec Upgrade Shell
This module attempts to upgrade a shell session to UID 0 using pfexec. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris pfexec Upgrade Shell', 'Description' = %q This module attempts to...
Security Bulletin: A security vulnerability has been identified in IBM Systems Director Editions
Vulnerability Details Summary Tivoli Common Reporting, IBM Systems Director and Tivoli Application Dependency Discovery Manager are shipped as components of IBM Systems Director Editions. Information about a security vulnerability affecting the above components has been published in a security...
Security Bulletin: IBM BladeCenter Advanced Management Module is affected by cURL/libcURL vulnerabilities (CVE-2014-3613, CVE-2014-3620)
Summary: Security vulnerabilities have been discovered in cURL/libcURL. Vulnerability Details: CVE-ID: CVE-2014-3613 Description: cURL/libcURL could allow a remote attacker to bypass security restrictions,...
PhpSpreadsheet 1.5.0 XXE vulnerability reproduction and analysis-vulnerability warning-the black bar safety net
0x01 Introduction PhpSpreadsheet is a very popular pure-PHP class library that lets you easily read and write Excel, LibreOffice Calc and other spreadsheet file formats; it is an alternative to PHPExcel. 2018 11 October 13, PhpSpreadsheet was disclosed to have an XXE vulnerability, CVE-2018-19277, in...
GreenCMS 2.x - SQL Injection
GreenCMS 2.x - SQL Injection Exploit Title: Green CMS 2.x - SQL Injection Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category: Webapps Tested on:...