11967 matches found

exploitpack
added 2018/10/22 12:0 a.m., 16 views

Viva Visitor Volunteer ID Tracking 0.95.1 - fname SQL Injection

Viva Visitor Volunteer ID Tracking 0.95.1 - fname SQL Injection Exploit Title: Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection Dork: N/A Date: 2018-10-19 Exploit Author: Ihsan Sencan Vendor Homepage: https://viva-visitor.sourceforge.io/ Software Link:...

AI score: 0.9
Exploits: 0

Packet Storm
added 2018/10/22 12:0 a.m., 60 views

The Open ISES Project 3.30A SQL Injection

Exploit Title: The Open ISES Project 3.30A - 'ticklat' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://openises.sourceforge.net/ Software Link: https://sourceforge.net/projects/openises/files/latest/download Version: 3.30A050318 Category: Webapps Test...

AI score: 0.1
Exploits: 0

Kitploit
added 2018/10/21 9:2 p.m., 136 views

CT-Exposer - An OSINT Tool That Discovers Sub-Domains By Searching Certificate Transparency Logs

Discover sub-domains by searching through Certificate Transparency logs. What is CT? Certificate Transparency CT is an experimental IETF standard. The goal of it was to allow the public to audit which certificates were created by Certificate Authorities CA. TLS has a weakness that comes from the...

AI score: 7
Exploits: 0, References: 1

Exploit DB
added 2018/10/18 12:0 a.m., 127 views

libSSH - Authentication Bypass

!/usr/bin/env python3 import paramiko import socket import argparse from sys import argv, exit parser = argparse.ArgumentParserdescription="libSSH Authentication Bypass" parser.addargument'--host', help='Host' parser.addargument'-p', '--port', help='libSSH port', default=22...

AI score: 7
Exploits: 0

Github Security Blog
added 2018/10/17 4:24 p.m., 38 views

In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

CVSS: 7.5, AI score: 3.6, EPSS: 0.01782
Exploits: 0, References: 9, Affected Software: 3

exploitpack
added 2018/10/16 12:0 a.m., 14 views

GIU Gallery Image Upload 0.3.1 - category SQL Injection

GIU Gallery Image Upload 0.3.1 - category SQL Injection Exploit Title: GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection Dork: N/A Date: 2018-10-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://tradesouthwest.com Software Link: https://sourceforge.net/projects/giugalleryimageupload...

AI score: 0.8
Exploits: 0

Malwarebytes
added 2018/10/15 7:1 a.m., 51 views

Malwarebytes Labs Cybercrime Tactics and Techniques Report (CTNT) shows shift to business targets in Q3

Once again, it's that time of year: time for the quarterly Malwarebytes Labs Cybercrime Tactics and Techniques Report. Strap in your seat belts, folks, because the third quarter of 2018 was quite a wild ride. After a sleepy first two quarters, cybercriminals shook out the cobwebs and revved up...

AI score: 0.2
Exploits: 0

OpenVAS
added 2018/10/10 12:0 a.m., 8 views

Microsoft Excel: Disable UI Extending from Documents and Templates

This test checks the setting for policy OpenVAS Vulnerability Test $Id: officenouiextendingexcel.nasl 12129 2018-10-26 13:57:15Z cfischer $ Check value for Disable UI extending from documents and templates Excel Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

AI score: 7.3
Exploits: 0

exploitpack
added 2018/10/09 12:0 a.m., 12 views

Wikidforum 2.20 - message_id SQL Injection

Wikidforum 2.20 - messageid SQL Injection Exploit Title: Wikidforum 2.20 - 'messageid' SQL Injection Exploit Author: Ihsan Sencan Exploit Author: Ihsan Sencan Date: 2018-10-09 Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...

AI score: 0.5
Exploits: 0

Exploit DB
added 2018/09/26 12:0 a.m., 31 views

Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)

Linux/ARM - Bind 0.0.0.0:4444/TCP Shell /bin/sh + Null-Free Shellcode 92 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Bind 0.0.0.0:4444/TCP Shell /bin/sh + Null-Free Shellcode 92 Bytes Date: 2018-09-26 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara System Informatio...

AI score: 0.2
Exploits: 0

Packet Storm
added 2018/09/25 12:0 a.m., 49 views

Joomla! Reverse Auction Factory 4.3.8 SQL Injection

Exploit Title: Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/reverse-auction-factory/ Version: 4.3.8 Category: Webapps Test...

AI score: 0.4, EPSS: 0.03213
Exploits: 5

Packet Storm
added 2018/09/25 12:0 a.m., 94 views

RICOH MP C307 Printer Cross Site Scripting

Exploit Title: RICOH MP C307 Printer - HTML Injection and Stored XSS Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...

AI score: 0.1, EPSS: 0.02324
Exploits: 6

Openbugbounty
added 2018/09/09 9:40 a.m., 8 views

baothaibinh.com.vn XSS vulnerability

Open Bug Bounty ID: OBB-674554

Description | Value
---|---
Affected Website: | baothaibinh.com.vn
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

ossfuzz
added 2018/09/07 7:13 a.m., 20 views

sqlite3/ossfuzz: Use-of-uninitialized-value in corruptSchema

Detailed report: https://oss-fuzz.com/testcase?key=5153397250981888 Project: sqlite3 Fuzzer: libFuzzersqlite3ossfuzz Fuzz target binary: ossfuzz Job Type: libfuzzermsansqlite3 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: corruptSchema sqlite3InitCallback...

AI score: 6.8
Exploits: 0, Affected Software: 1

Openbugbounty
added 2018/09/05 11:16 a.m., 11 views

mlevigne.com XSS vulnerability

Open Bug Bounty ID: OBB-673190

Description | Value
---|---
Affected Website: | mlevigne.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

CISA
added 2018/09/05 12:0 a.m., 15 views

Problems with Automatic DNS Registration and Autodiscovery

The CERT Coordination Center CERT/CC has released information on problems associated with small office/home office routers using automatic Domain Name System DNS registration and autodiscovery. An attacker could exploit these problems to obtain sensitive information. NCCIC encourages users and...

AI score: 6.5
Exploits: 0, References: 1

exploitpack
added 2018/08/26 12:0 a.m., 29 views

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting

ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Softwa...

AI score: 6.8
Exploits: 0

Fedora
added 2018/08/24 8:7 a.m., 41 views

[SECURITY] Fedora 28 Update: kernel-4.17.17-200.fc28

The kernel meta package...

CVSS: 10, AI score: 2.4, EPSS: 0.60631
Exploits: 18

Exploit DB
added 2018/08/22 12:0 a.m., 38 views

Geutebrueck re_porter 16 - Cross-Site Scripting

Exploit Title: Geutebrueck reporter 16 - Cross-Site Scripting Date: 2018-08-03 Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version: prior 7.8.974.20 CVE-2018-15533 Attack Vectors...

CVSS: 6.1, AI score: 6.3, EPSS: 0.02606
Exploits: 5

Prion
added 2018/08/15 10:29 p.m., 12 views

Code injection

Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker...

CVSS: 4.3, AI score: 6, EPSS: 0.00718
Exploits: 0, References: 1, Affected Software: 1