Notepad++: Stack overflow in XML Parsing

Summary: A stack buffer overflow vulnerability has been detected in XML parsing functionality on Notepad++. That's due to the fact that invisibleEditView.getText function doesn't check buffer boundaries. Description: Vulnerability src file: notepad-plus-plus/PowerEditor/src/Notepadplus.cpp...

FortiGate FortiOS LDAP Credential Disclosure

/usr/bin/python3 """ CVE-2018-13374 Publicado por Julio UreA+-a PlainText Twitter: @JulioUrena Blog Post: https://plaintext.do/My-1st-CVE-Capture-LDAP-Credentials-From-FortiGate-EN/ Referencia: https://fortiguard.com/psirt/FG-IR-18-157 Ejemplo: python3 CVE-2018-13374.py -f https://FortiGateIP -u...

CVE-2019-1000011: Access control bypass in GraphQL mutations

Q A Bug fix? yes New feature? no BC breaks? no Deprecations? no Tests pass? yes Fixed tickets 2364 License MIT Doc PR This prevents passing IRIs belonging to different resource classes, which would bypass access control in some instances see 2364...

Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities

Vulnerability discovery and research by Jared Rittle and Carl Hurd of Cisco Talos. Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure...

Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service. The InfiniBand subsystem does not properly sanitize input parameters while registering memory regions from user space via the uverbs API, allowing a local user with access to a /dev/infiniband/uverbsX device crash the system or escalate their...

Real Estate Custom Script 2.0 - SQL Injection

Exploit Title: Real Estate Custom Script 2.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 2.0 Category: Webapps Tested on:...

Job Portal Platform 1.0 - SQL Injection

Job Portal Platform 1.0 - SQL Injection Exploit Title: Job Portal 1.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/job-portal-platform-a-complete-job-portal-website/21916934 Version: 1...

i-doit CMDB 1.12 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: i-doit CMDB 1.12 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip Version: 1.12 Category:...

PHP 7.0.x < 7.0.16 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.16. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists in mysqli.c due to a memory leak. An unauthenticated, remote attacker can exploit this to...

Machine Learning to Detect Software Vulnerabilities

No one doubts that artificial intelligence AI and machine learning ML will transform cybersecurity. We just don't know how, or when. While the literature generally focuses on the different uses of AI by attackers and defenders ­ and the resultant arms race between the two ­ I want to talk about...

Dolibarr ERP-CRM 8.0.4 SQL Injection

Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Date: 08.01.2019 Exploit Author: Mehmet Ander Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Version: v8.0.4 Category: Webapps Tested on...

CVE-2018-13260

...

Roxy Fileman 1.4.5 File Upload / Directory Traversal

====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php CVE number: CVE-2018-20525,...

Fedora 29 : glusterfs (2018-986f0b7fb0)

5.1 GA , security fixes for: CVE-2018-14651 CVE-2018-14652 CVE-2018-14653 CVE-2018-14654 CVE-2018-14659 CVE-2018-14660 CVE-2018-14661 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

Fedora 29 : community-mysql (2018-c82fc3e109)

MySQL 8.0.13 Release notes : https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-13.html CVEs fixed : CVE-2018-3276 CVE-2018-3200 CVE-2018-3137 CVE-2018-3284 CVE-2018-3195 CVE-2018-3173 CVE-2018-3212 CVE-2018-3279 CVE-2018-3162 CVE-2018-3247 CVE-2018-3156 CVE-2018-3161 CVE-2018-3278...

GDB-Connector

GDB Connector is a remote script to use for controlling a remote target and debug an exploit on a target directly from Exploit Pack. Copy this script to your target and execute it to connect back to your framework. Shell Script created using Exploit Pack http://www.exploitpack.com -...

harfbuzz/hb-shape-fuzzer: Heap-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

Project: https://github.com/harfbuzz/harfbuzz.git Detailed report: https://oss-fuzz.com/testcase?key=5631444412530688 Project: harfbuzz Fuzzer: libFuzzerharfbuzzhb-shape-fuzzer Fuzz target binary: hb-shape-fuzzer Job Type: libfuzzerasanharfbuzz Platform Id: linux Crash Type: Heap-buffer-overflow...

CVE-2018-18696

main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=enUS and...

phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read Exploit

Exploit for php platform in category web applications !/usr/bin/env python coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLoggername log.setLevellogging.DEBUG tmpformat =...

Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write Exploit

function f0 function f1 f2.prototype = arguments; new f2; function f2 Array.prototype.sort.callthis, f0; f11, 2, 3; !-- ========================================================= Details: JsArrayFunctionHeapSort is called when sorting an array with a provided comparison function. One of its...