11967 matches found
CVE-XX-XX:“an Atom of the truncated Hu”the Windows kernel to mention the right vulnerability analysis-vulnerability warning-the black bar safety net
! Author: PlayBoy23333 Royalties of: 500RMB(not taking you to the contributor!) Submission methods: send an email to linwei3 6 0. cn, or visit the web version of the online submission aintroduction A few days ago the Internet fooling around when found Rookitsmm on Github to share a mention the...
free-pdf.net XSS vulnerability
Vulnerable URL: http://free-pdf.net/search.php?q=%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E Details: Description| Value ---|--- Patched:| Yes, at 24.11.2017 Latest check for patch:| 24.11.2017 18:43 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
Google Docs XSPA / SSRF
================================================================================ Google Docs - XSPA/SSRF ================================================================================ Author: Ashiyane Digital Security Team Vendor Homepage: http://docs.google.com/ Date : 09 September 2016...
Zabbix 3.0.3 SQL Injection
Exploit Title: 2.0 Zabbix 3.0.4 SQL Injection Python PoC Data: 20-08-2016 Software Link: www.zabbix.com Exploit Author: Unknownhttp://seclists.org/fulldisclosure/2016/Aug/82 Version: Zabbix 2.0-3.0.x3.0.4 PoC Author: Zzzians Contact: [email protected] Test on: Linux Debian/CentOS/Ubuntu -- coding...
FreePBX 13.0.x Code Execution
Vulnerable software : Freepbx Tested versions : 13.0.x $this-commandline = $commandline; $this-cwd = $cwd; Line 275 $commandline = $this-commandline; if '\' === DIRECTORYSEPARATOR && $this-enhanceWindowsCompatibility $commandline = 'cmd /V:ON /E:ON /C "'.$commandline.''; foreach...
I've heard that you don't need a password? Cisco ASA SNMP RCE vulnerability analysis using vulnerability warning-the black bar safety net
In this everyone seems to be committed to the HAPPY WEEKEND, have what way can let the WEEKEND BE MORE HAPPY? Cover(right now with a vulnerability how it?! Earlier on Twitter see: ! Then came the ! Seems very interesting, try it slightly. Disclaimer: In this article all information is for referen...
CVE-2014-9529
Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...
About the security content of Safari 9.1.3
About the security content of Safari 9.1.3 This document describes the security content of Safari 9.1.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...
chatNow - Multiple Vulnerabilities
Exploit Title: chatNow - Multiple Vulnerabilities Date: 2016-08-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://chatnow.thiagosf.net/ Software Link: https://github.com/thiagosf/chatNow/archive/master.zip Version: Latest commit Tested on: Debian wheezy 1...
BenignCertain: a can remotely extract the Cisco VPN key hack tool free leak files download address-vulnerability warning-the black bar safety net
One, Foreword In a flash, we came to this familiar yet strange Friday. In this past week, the field of network security in the most“eye-catching”the event certainly not“the NSA is a black event”Mo belong to. The United States Time 2 0 1 6 years 8 on 1 5 December, a named“The Shadow Brokers”of the...
Internet Bug Bounty: Py_DECREF on a non-owned object in the _sre module
I described this vulnerability in detail in a mail to the PSRT. A copy of my email, plus the fix for this issue, can be found here: https://bugs.python.org/issue27774...
Windows/x86 - MessageBoxA Shellcode (242 bytes)
/ Title : Windows x86 MessageBoxA shellcode Author : Roziul Hasan Khan Shifat Date : 14-08-2016 Tested On : Windows 7 starter x86 / / Disassembly of section .text: 00000000 : 0: 31 c9 xor %ecx,%ecx 2: 64 8b 41 30 mov %fs:0x30%ecx,%eax 6: 8b 40 0c mov 0xc%eax,%eax 9: 8b 70 14 mov 0x14%eax,%esi c: ...
NUUO 3.0.8 OS Command Injection
i? NUUO Multiple OS Command Injection Vulnerabilities Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: =3.0.8 NE-4160, NT-4040, NT-4040R DP: =04.07.0000.0030, =04.03.0000.0035 FW: =02.02.00, =1.7.0 Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS...
WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection
WordPress Plugin Ultimate Product Catalog 3.9.8 - doshortcode via ajax Blind SQL Injection Exploit Title: Wordpress Ultimate-Product-Catalog getrow"SELECT FROM $cataloguestablename WHERE CatalogueID=" . $id; $CatalogueItems = $wpdb-getresults"SELECT FROM $catalogueitemstablename WHERE CatalogueID...
Windows/x86 - localhost Port Scanner Shellcode (556 bytes)
/ Title : Windows x86 localhost port scanner shellcode Date : 29-07-2016 Author : Roziul Hasan Khan Shifat Tested on : Windows 7 x86 starter / / Disassembly of section .text: 00000000 : 0: 31 db xor %ebx,%ebx 2: 64 8b 43 30 mov %fs:0x30%ebx,%eax 6: 8b 40 0c mov 0xc%eax,%eax 9: 8b 70 14 mov...
AXIS Authenticated 远程命令执行漏洞
来源:packetstormsecurity Technical Details The devtools.sh script is the responsible for vulnerability and it's 4 attack vectors through the following pages: http://xxx.xxx.xxx.xxx/applicense.shtml?app= http://xxx.xxx.xxx.xxx/applicensecustom.shtml?app= http://xxx.xxx.xxx.xxx/appindex.shtml?app=...
Red Team Tool Roundup
In many cases Red Team tools are not written because someone feels like writing a tool, or wakes up one morning thinking, “I want to write a tool today”. Red Teamers generally identify tedious tasks in their methodology and then create tools that automate these tasks for current and future...
Iris ID IrisAccess ICU 7000-2 XSS / Cross Site Request Forgery
i? Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities Vendor: Iris ID, Inc. Product web page: http://www.irisid.com Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9 EIF Firmware Channel 2: 1.9 Iris TwoPi: 1.4.5 Summary: The...
DLA-559-1 ntp - security update
Bulletin has no description...
CVE-2016-4612
...