11967 matches found
Itech Dating Script 3.26 - SQL Injection
Exploit Title: Itech Dating Script v3.26 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/dating-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview...
CVE-2016-7974
The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions...
siemens-samsung-nokia.bank-information.info XSS vulnerability
Vulnerable URL: http://siemens-samsung-nokia.bank-information.info/b.php?b=%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
Joomla! 3.6.4 - Admin TakeOver Exploit
Exploit for php platform in category web applications !/usr/bin/python3 CVE-2016-9838: Joomla! = 3.6.4 Admin TakeOver cf import bs4 import requests import random ADMINID = 384 url = 'http://vmweb.lan/Joomla-3.6.4/' formurl = url + 'index.php/component/users/?view=registration' actionurl = url +...
libass: Attempting free in ass_free_track
Project: https://github.com/libass/libass.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6177355424858112 Project: libass Fuzzer: libFuzzerlibassfuzzer Fuzz target binary: libassfuzzer Job Type: libfuzzerasanlibass Platform Id: linux Crash Type: Attempting free Crash...
Micro Blog Script SQL Injection
Vulnerability: SQL Injection + Authentication Bypass Date: 18.01.2017 Vendor Homepage: http://www.scriptgiant.com/ Tested on: http://www.microblogscript.scriptgiant.in Script Name: Micro Blog Script Author: Ihsan Sencan Author Web: http://ihsan.net Mail : ihsanbeygirihsannoktanet Authentication...
Apache shiro 1.2.4 version of remote command execution vulnerability details-vulnerability warning-the black bar safety net
Search, I found online about apache shiro 1.2.4 version of the vulnerability consolidation report to write too simple, is perhaps the bigwigs speaking of professional, I this noob can't read the reason, specially in the local do a full show. First from the shiro official get shiro 1.2.4 of the...
Threat Outbreak Alert RuleID27238: Email Messages Distributing Malicious Software on January 17, 2017
Medium Alert ID: 52335 First Published: 2017 January 17 15:29 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID27238 may contain the following files: Name |...
CVE-2016-8880
...
Reverse Safety series: Use After Free vulnerability analysis-vulnerability warning-the black bar safety net
One, Foreword Thinking the next step is to write a use after free small summary, just happened to be the nearest Lake Gordon Cup 2016 the one.---- game Use the use after free can be out. This title is their first in more formal competitions, make pwn title, do this question of time spent a lot, t...
Cross-site Scripting (XSS)
moin is vulnerable to cross-site scripting XSS. The rsslink function in the theme/init.py does not properly escape the page name in a rss link, allowing remote attackers to inject arbitrary web script or HTML...
My Php Dating 2.0 - path Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications Vulnerability: My Php Dating 2.0 - SQL Injection Web Vulnerability Google Dork: My Php Dating Date:09.01.2017 Vendor Homepage: http://www.phponlinedatingsoftware.com/demo.htm Tested on: http://www.phponlinedatingsoftware.com/demo/ Script Name:...
dsstyles.com XSS vulnerability
Vulnerable URL: https://www.dsstyles.com/search?search=gopro+dji+phantom+anti+vibration+anti+jello+camera+mount+screw+tripod'"--!confirmOPENBUGBOUNTY//...
CVE-2016-8830
...
CVE-2016-7255: analysis of Mining the Windows kernel to mention the right vulnerability-vulnerability warning-the black bar safety net
The Windows kernel mention the right Vulnerability, CVE-2016-7255 has been a lot of media attention. In the 11 month's Patch Tuesday, Microsoft released for this vulnerability fix, as MS16-135 announcement of the part. According to Microsoft's description, CVE-2016-7255 mainly used to perform...
115 Browser 7.2.5 RCE Vulnerability
Author: evi1m0sec.ly.com + Team: n0tr00t security team + From: http://www.n0tr00t.com + Create: 2015-12-26 DownProxy XSS view-source: http://m.115.com/downproxy.html javascript function localParamsearch, hash search = search || window. location. search; hash = hash || window. location. hash; var...
MacOS Kernel < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Po
Exploit for multiple platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=959 Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40957.zip When sending and receiving mach messages from userspa...
homeandcabin.ca XSS vulnerability
Vulnerable URL: http://www.homeandcabin.ca/search.php?search=" Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 13:24 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 19080221 VIP website status:| No Check...
Apple macOS 10.12.1 iOS 10.2 - powerd Arbitrary Port Replacement
Apple macOS 10.12.1 iOS 10.2 - powerd Arbitrary Port Replacement / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=976 powerd running as root hosts the com.apple.PowerManagement.control mach service. It checks in with launchd to get a server port and then wraps that in a CFPort:...
Backdooring Android APK: backdoor-apk
Backdooring Android APK backdoor-apk is a shell script that simplifies the process of adding a backdoor to any Android APK file. Users of this shell script should have working knowledge of Linux, Bash, Metasploit, Apktool, the Android SDK, smali, etc. This shell script is provided as-is without...