11967 matches found
Fastest Mini Browser - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Fastest Mini Browser published at the 'play' market has multiple vulnerabilities...
Groupon Clone Script 3.01 SQL Injection
Exploit Title: Groupon Clone Script v3.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/groupon-clone-script/ Demo: http://phpscriptsmall.info/demo/groupon-deal/ Version: 3.01 Tested on: Win7 x64,...
Single Theater Booking Script - 'newsid' SQL Injection
Exploit Title: Single Theater Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/single-theater-booking-script/ Demo:...
Threat Outbreak Alert RuleID28106: Email Messages Distributing Malicious Software on March 3, 2017
Medium Alert ID: 52866 First Published: 2017 March 3 14:12 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28106 may contain the following files: Name | Siz...
WordPress Core < 4.7.1 - Username Enumeration
#!/usr/bin/php...
132 Google Play Apps Booted For Having Malicious IFrames
Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected...
arlington.wickedlocal.com XSS vulnerability
Open Bug Bounty ID: OBB-216524

Description| Value
---|---
Affected Website:| arlington.wickedlocal.com
Open Bug Bounty Program:| Not created yet
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

Linux Kernel 4.4.0 Ubuntu DCCP Double-Free Crash
// A trigger for CVE-2017-6074, crashes kernel. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 // // Andrey Konovalov define GNUSOURCE include include include include include include include include include include include...
bdarchitectuur.nl XSS vulnerability
Vulnerable URL: http://www.bdarchitectuur.nl/zoeken?q='"--!confirmOPENBUGBOUNTY...
Jboss Credential Collector
This module can be used to extract the Jboss admin passwords for version 4,5 and 6. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'Jboss Credential Collector', 'Description'...
dotCMS 3.6.1 Blind Boolean SQL Injection Vulnerability
Exploit for php platform in category web applications Blind Boolean SQL Injection in dotCMS = 3.6.1 CVE-2017-5344 Product Description dotCMS is a scalable, java based, open source content management system CMS that has been designed to manage and deliver personalized, permission based content...
ownCloud: HTML injection in Desktop Client
Problem There are HTML injections throughout the ownCloud desktop client. A good example of this can be seen in accountsettings.cpp line 641 to 705. For reference purposes this is a trimmed down and slightly commented version of the code: cpp void AccountSettings::refreshSelectiveSyncStatus QStri...
ntfs-3g - Unsanitized modprobe Environment Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1072 ntfs-3g is installed by default e.g. on Ubuntu and comes with a setuid root program /bin/ntfs-3g. When this program is invoked on a system whose kernel does not...
Itech B2B Script 4.29 - Multiple Vulnerabilities
Exploit Title : Itech scripts B2B Script v4.29 - Multiple Vulnerability Google Dork : - Date : 12/02/2017 Exploit Author : Marc Castejon Vendor Homepage : http://itechscripts.com/b2b-script/ Software Link: http://b2b.itechscripts.com Type : webapps...
HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "HP Smart Storage Administrator Remote Command...
[SECURITY] Fedora 24 Update: phpMyAdmin-4.6.6-1.fc24
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...
shopify-scripts: forgot to add the patch
The patch of the report https://hackerone.com/reports/192896 you forgot to add here https://github.com/Shopify/mruby-engine...
SRC-2017-0002 : Adobe Acrobat Pro DC ImageConversion TIFF Parsing Use-After-Free Read Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'TrueOnline / Billion 5200W-T Router Unauthenticated Command Injection', 'Description' = %q TrueOnline is a major ISP in Thailan...
Denial Of Service (DoS) Through Integer Overflow
ImageMagick is vulnerable to an integer overflow when computing the pixel scaling table. A malicious user can use this to cause the system to crash and perform a denial of service (DoS) attack...