opendns.com XSS vulnerability
Vulnerable URL: https://www.opendns.com/marketo-form/content-event-form-2-0-product-videos/?post=https://www.opendns.com/enterprise-security/resources/product-videos/demo-opendns-umbrella-with-investigate/alert/OPENBUGBOUNTY/...
centreleonberard.fr XSS vulnerability
Open Bug Bounty ID: OBB-189819

Description | Value
---|---
Affected Website: | centreleonberard.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Threat Outbreak Alert RuleID25824: Email Messages Distributing Malicious Software on October 24, 2016
Medium Alert ID: 49401 First Published: 2016 October 24 13:43 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID25824 may contain the following files: Name |...
Bumble: Unvalidated redirect on team.badoo.com
Domain affected: https://team.badoo.com/ corp.badoo.com PoC Tested on Firefox: https://team.badoo.com/%0d%0adata:text/html;text,%3Csvg%2fonload%3Dprompt%281%29%3E F129735 Describe: team.badoo.com may be vulnerable to CRLF injection, when we inject %0d%0a into url, the Location header, entire content...
PHP Telephone Directory - Multiple Vulnerabilities
PHP Telephone Directory - Multiple Vulnerabilities Exploit Title: PHP Telephone Directory - Multiple Vulnerabilities Date: 2016-10-16 Exploit Author: larrycompress Contact: [email protected] Type: webapps Platform: PHP Vendor Homepage: http://www.pagereactions.com/product.php?pku=2 Software...
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
Exploit Title : ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery Add New Author Author : Besim Google Dork : Date : 12/10/2016 Type : webapps Platform : PHP Vendor Homepage : - Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162 CSRF PoC function submitRequest var xhr = new...
kill.exe overflow vulnerability analysis and EXP discussion-vulnerability warning-the black bar safety net
1. Foreword A few days ago, the author at exploit-db and found a kill.exe overflow vulnerability, in many of the UAF vulnerability, this simple overflow vulnerability simply as a unit of springs in General, then be picked out, deeply looked. The original plan to write a full available EXP, but...
Advance MLM Script - SQL Injection
Advance MLM Script - SQL Injection x========================================================================================================================================x | Title : Advance MLM Script SQL Vulnerabilities | Software : Advance MLM Script | Vendor : http://www.i-netsolution.com/ |...
Dup Scout Enterprise 9.0.28 - 'Login' Remote Buffer Overflow
!/usr/bin/python print "Dup Scout Enterprise 9.0.28 Buffer Overflow Exploit" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...
Mozilla Firefox v48.0.2 - (mozglue.dll) Denial of Service
Document Title: =============== Mozilla Firefox v48.0.2 - mozglue.dll Denial of Service References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1953 Release Date: ============= 2016-10-03 Vulnerability Laboratory ID VL-ID: ====================================...
Android Vulnerability CVE-2015-3825 analysis and exploit combat: from the Crash to hijacking your PC-vulnerability warning-the black bar safety net
CVE-2015-3825 is a high-risk Android vulnerability disclosed last year; like CVE-2014-7911, it is an Android deserialization vulnerability. It can be used to achieve privilege escalation, code execution and a series of other attacks,...
VideoLAN VLC Media Player 2.2.1 - Buffer Overflow
Exploit Title: VLC Media Player 2.2.1 Buffer Overflow 2016-09-28 Author: sultan albalawi Software Link: https://www.videolan.org/vlc/releases/2.2.1.html Tested on:win7 video...
[SECURITY] Fedora 25 Update: jansson-2.9-1.fc25
Small library for parsing and writing JSON documents...
FreeBSD : mozilla -- multiple vulnerabilities (2c57c47e-8bb3-4694-83c8-9fc3abad3964)
Mozilla Foundation reports : CVE-2016-2827 - Out-of-bounds read in mozilla::net::IsValidReferrerPolicy low CVE-2016-5256 - Memory safety bugs fixed in Firefox 49 critical CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 critical CVE-2016-5270 - Heap-buffer-overflow in...
USN-3084-1: Linux kernel vulnerabilities
Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. CVE-2016-6136 It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did...
Cisco ACE Application Control Engine Detection
Detection of Cisco ACE Application Control Engine The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by th...
About the security content of Pages 3.0, Numbers 3.0, and Keynote 3.0 for iOS
About the security content of Pages 3.0, Numbers 3.0, and Keynote 3.0 for iOS This document describes the security content of Pages 3.0, Numbers 3.0, and Keynote 3.0 for iOS. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues...
Finecms 2.0.1 background GETSHELL 0DAY-vulnerability warning-the black bar safety net
FineCMS has a cache function, as WordPress does; the cache file name is not random and its suffix is php, so the background cache function can be used to getshell. Below is the Payload PHP | POST /inde...
Ocean CMS V6.28 command execution 0DAY-vulnerability warning-the black bar safety net
A friend on t00ls fuzzed out a 0day, but the analysis does not come out what's the problem, I analyze a bit. How did I track this 0day? In fact, as long as the chase area parameters of the treated place. After a character is an illegal judgment, call echoSearchPage function area parameters after...
[SECURITY] Fedora 23 Update: phpMyAdmin-4.6.4-2.fc23
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...