
11967 matches found

Openbugbounty
added 2018/04/20 5:22 p.m., 10 views

thisnext.com XSS vulnerability

Open Bug Bounty ID: OBB-605304

Description | Value
---|---
Affected Website: | thisnext.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

0day.today
added 2018/04/18 12:0 a.m., 38 views

Easy File Sharing Web Server 7.2 - Stack Buffer Overflow Exploit

Exploit for windows platform in category remote exploits Exploit Title: Easy File Sharing Web Server 7.2 stack buffer overflow Exploit Author: rebeyond - http://www.rebeyond.net Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe Version: 7.2 CVE:...

AI score: 9.8, EPSS: 0.77319
Exploits: 6

0day.today
added 2018/04/17 12:0 a.m., 120 views

Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017) Exploit

Exploit for windows platform in category local exploits include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif CONST LONG maxTimes = 2000; CON...

CVSS: 6.8, AI score: 7.7, EPSS: 0.57482
Exploits: 3

OpenVAS
added 2018/04/16 12:0 a.m., 14 views

Microsoft Office: Allow PNG as an output format

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013pngoutputformat.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Allow PNG as an output format Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program ...

AI score: 7.3
Exploits: 0

Packet Storm
added 2018/04/13 12:0 a.m., 274 views

Drupal Drupalgeddon2 Remote Code Execution Ruby Port

require 'net/http' Hans Topo ruby port from Drupalggedon2 exploit. Based on Vitalii Rudnykh exploit target = ARGV0 command = ARGV1 url = target + '/user/register?elementparents=account/mail/%23value&ajaxform=1&wrapperformat=drupalajax' shell = "" payload =...

AI score: 0.3, EPSS: 0.99993
Exploits: 46

Packet Storm
added 2018/04/11 12:0 a.m., 46 views

Wuzhi CMS 4.1.0 Add User Cross Site Request Forgery

Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add user account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE : CVE-2018-9927 An issue was discovered in WUZHI CMS...

AI score: 0.1, EPSS: 0.00709
Exploits: 5

ossfuzz
added 2018/04/10 1:16 p.m., 8 views

imagemagick/ping_mng_fuzzer: Use-of-uninitialized-value in mng_minimum_box

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=6209869771177984 Project: imagemagick Fuzzer: libFuzzerimagemagickpingmngfuzzer Fuzz target binary: pingmngfuzzer Job Type: libfuzzermsanimagemagick Platform Id: linux Crash Type:...

AI score: 6.7
Exploits: 0, Affected Software: 1

Symantec
added 2018/04/10 12:0 a.m., 34 views

Microsoft Windows OpenType Fonts CVE-2018-1008 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code within the context of the affected system. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versio...

AI score: 2.7, EPSS: 0.01152
Exploits: 0, Affected Software: 3

Symantec
added 2018/04/10 12:0 a.m., 31 views

Microsoft Windows Kernel CVE-2018-0968 Local Information Disclosure Vulnerability

Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...

AI score: 1.3, EPSS: 0.03692
Exploits: 1, Affected Software: 3

ossfuzz
added 2018/04/07 8:10 a.m., 15 views

imagemagick/rotate_fuzzer: Stack-buffer-overflow in LibRaw::identify

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5723382935977984 Project: imagemagick Fuzzer: aflimagemagickrotatefuzzer Fuzz target binary: rotatefuzzer Job Type: aflasanimagemagick Platform Id: linux Crash Type: Stack-buffer-overflow RE...

AI score: 6.7
Exploits: 0, Affected Software: 1

Cvelist
added 2018/04/06 4:0 p.m., 13 views

CVE-2018-9321

...

Exploits: 0

Tenable Nessus
added 2018/04/06 12:0 a.m., 38 views

Wireshark 2.2.x < 2.2.14 / 2.4.x < 2.4.6 Multiple Vulnerabilities (MacOS)

The version of Wireshark installed on the remote MacOS/MacOSX host is 2.2.x prior to 2.2.14 or 2.4.x prior to 2.4.6. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108884; scriptversion"1.8";...

CVSS: 7.5, AI score: 6.9, EPSS: 0.02938
Exploits: 19, References: 30

Packet Storm
added 2018/04/05 12:0 a.m., 52 views

Z-Blog 1.5.1.1740 Cross Site Scripting

Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is an XSS vulnerability that can attack the users. poc:...

CVSS: 4.3, AI score: 6.4, EPSS: 0.03393
Exploits: 5

Cvelist
added 2018/03/29 3:0 p.m., 10 views

CVE-2017-3789

...

Exploits: 0

Cvelist
added 2018/03/29 3:0 p.m., 7 views

CVE-2017-3787

...

Exploits: 0

Apple
added 2018/03/29 12:0 a.m., 46 views

About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan

About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan This document describes the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan. About Apple securi...

CVSS: 10, AI score: 0.4, EPSS: 0.08523
Exploits: 5, References: 1, Affected Software: 3

Cisco
added 2018/03/28 4:0 p.m., 60 views

Cisco IOS and IOS XE Software Forwarding Information Base Denial of Service Vulnerability

A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive...

CVSS: 6.8, AI score: 3.2, EPSS: 0.01053
Exploits: 0, References: 1

Rhino Security Labs
added 2018/03/28 6:13 a.m., 13 views

Amazon’s AWS Misconfiguration: Arbitrary Files Upload in Amazon Go

The post Amazon's AWS Misconfiguration: Arbitrary Files Upload in Amazon Go appeared first on Rhino Security Labs...

AI score: 2.5
Exploits: 0

Exploit DB
added 2018/03/27 12:0 a.m., 68 views

DLINK DCS-5020L - Remote Code Execution (PoC)

“The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to see a wider area with a single camera,...

CVSS: 8.8, AI score: 7, EPSS: 0.15057
Exploits: 3

Information Security Automation
added 2018/03/20 3:34 p.m., 213 views

My short review of “The Forrester Wave: Vulnerability Risk Management, Q1 2018”

Last week, March 14, Forrester presented a new report about the Vulnerability Risk Management (VRM) market. You can purchase it on the official site for $2495 USD or get a free reprint on the Rapid7 site. Thanks, Rapid7! I've read it and want to share my impressions. I was most surprised by the leaders of the...

AI score: 6.7
Exploits: 0