11967 matches found
Amazon Linux AMI : libldb (ALAS-2016-633)
A denial of service flaw was found in the ldb_wildcard_compare function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memo...
phpDolphin 2.0.5 - Multiple Vulnerabilities
Exploit Title: phpDolphin http://target.com/index.php?a=search&q=teste&filter=m"XSS CSRF ==== We've found no protection against CSRF Cross-site Request Forgery, which made possible to do any kind of act on a user or admin account. NO FORMS are secured at all. But we've included some interesting...
scioly.org XSS vulnerability
Vulnerable URL: http://scioly.org/wiki/thumb.php?f=xssposed%23%3Cbody%09onload=confirm%28String.fromCharCode%2888,83,83,80,79,83,69,68%29%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 12:19 GMT Vulnerability type:| XSS Vulnerability...
Digi Connect SP, Digi Connect Wi-SP, Digi Connect ME, Digi Connect ME 4 MB, Digi Connect Wi-ME, Digi Connect EM, Digi Connect Wi-EM Weak Password
Reference link: http://ftp1.digi.com/support/documentation/90000565P1.pdf...
ConnectPort TS 4x4, ConnectPort TS 4x2, ConnectPort TS W, ConnectPort TS 8, ConnectPort TS 8 MEI, ConnectPort TS 16 Weak Password
Reference link: http://ftp1.digi.com/support/documentation/90000565P1.pdf...
help.atlascollege.nl XSS vulnerability
Vulnerable URL: http://help.atlascollege.nl/thumb.php?f=xssposed%23%3Cbody%09onload=confirm%28String.fromCharCode%2888,83,83,80,79,83,69,68%29%29%3E Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 20:14 GMT Vulnerability type:| XSS Vulnerabilit...
BMP Polyglot
Encodes a payload in such a way that the resulting binary blob is both valid x86 shellcode and a valid bitmap image file .bmp. The selected bitmap file to inject into must use the BM Windows 3.1x/95/NT header and the 40-byte Windows 3.1x/NT BITMAPINFOHEADER. Additionally the file must use either ...
Simple PHP Polling System - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title : Multiple Vulnerabilities in Simple PHP Polling System. Author : WICS Date : 05-Jan-2016 Software Link : http://sourceforge.net/projects/pollingsystem/ Overview : Simple PHP Polling System helps organizations to make polls of...
Open Audit - SQL Injection
Exploit for php platform in category web applications Exploit Title : Open Audit SQL Injection Vulnerability Exploit Author : Rahul Pratap Singh Date : 2/Jan/2016 Home page Link : https://github.com/jonabbey/open-audit Website : 0x62626262.wordpress.com Twitter : @0x62626262 Linkedin :...
Open Audit - SQL Injection
Exploit Title : Open Audit SQL Injection Vulnerability Exploit Author : Rahul Pratap Singh Date : 2/Jan/2016 Home page Link : https://github.com/jonabbey/open-audit Website : 0x62626262.wordpress.com Twitter : @0x62626262 Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 1. Description "id...
[SECURITY] Fedora 23 Update: kernel-4.2.8-300.fc23
The kernel meta package...
Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read Exploit
Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities. Overview ======== Libnsgif1 is a decoding library for GIF images. It is primarily developed and used as part of the NetSurf project. As of version 0.1.2, libnsgif is vulnerable to a stack overflow...
Wireshark - wmem_alloc Assertion Failure
Wireshark - wmem_alloc Assertion Failure Source: https://code.google.com/p/google-security-research/issues/detail?id=662 The following crash due to an assertion failure can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr...
Joomla 1.5 - 3.4.5 - Object Injection Remote Command Execution Exploit
Exploit for php platform in category web applications ''' Simple PoC for Joomla Object Injection. Gary @ Sec-1 ltd http://www.sec-1.com/ ''' import requests easyinstall requests def geturlurl, useragent: headers = 'User-Agent': useragent cookies = requests.geturl,headers=headers.cookies for in...
Testimonials 1.0 Shell Upload
Exploit database separated by exploit type local, remote, DoS, etc. + Site : Souk Naamane + Support e-mail :...
app.unipulse.cn XSS vulnerability
Vulnerable URL: http://app.unipulse.cn/enterprise/jsp/templet/browse/TempletBrowse.jsp?domain=unipulse.cn=10016==ou%3d10016,ou%3d10002,ou%3dData,ou%3dunipulse.cn,o%3deast=0=0=ou%3d10002,ou%3dData,ou%3dunipulse.cn,o%3deast=5=app.unipulse.cn=cAnonymous=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E...
Lenovo System Update found two mention of the right to exploit the principle of analysis-vulnerability warning-the black bar safety net
Lenovo released the latest System Update announcement in two mention the right vulnerability is me in a few weeks to submit CVE-2015-8109, CVE-2015-8110 IOActive as well as Lenovo in this report issued a warning! Details of the bedding In the detoxification of the details before we star...
brownarrow.se XSS vulnerability
Vulnerable URL: http://www.brownarrow.se/Shop/Index.php/"';--/?sLang=LangEng Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 09:59 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Googl...
butiksok.se XSS vulnerability
Vulnerable URL: http://butiksok.se/ab-public/search-store.php?search=0-0="';-- Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 1 VIP websit...
JosephErnest Void Cross-Site Scripting Vulnerability
No description provided by source...