WordPress Plugin Mail Masta 1.0 - SQL Injection

WordPress Plugin Mail Masta 1.0 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in Mail Masta aka mail-masta plugin 1.0 for Wordpress. Date: 02/18/2017 Exploit Author: Hanley Shun Vendor Homepage: https://wpcore.com/plugin/mail-masta Software Link:...

CVE-2016-8357

An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application...

Informatica: Stored XSS via Discussion Title and Send as Email attribute in [marketplace.informatica.com]

POC === 1. Under "Your Stuff" choose to "Create a Discussion/Ask a question" 2. Choose a space to submit your discussion/question. Any space will do. 3. Title your discussion with the payload " 4. Choose "Post message" to publish. 5. View the message as any user. Under "Actions" choose to "Send a...

Path traversal

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

UBUNTU-CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

DEBIAN-CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVE-2015-8859

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors...

CVE-2015-8859

CVE-2015-8859 concerns the Node.js send package prior to 0.11.1, where an information leakage/root path disclosure vulnerability exists via unspecified vectors. Connected sources (GHSA-... and OSV entries) confirm this vulnerability, with remediation advised to upgrade to 0.11.1 or later. Affecte...

StreamProcess.exe is consuming high CPU spike on PVS Servers.

The Streamprocess.exe was consuming high CPU on the PVS servers. The Perfmon suggested sustained spike in Kernel mode and process dumps revealed that we were waiting for the Packet Send & Receive...

Linux kernel local denial of service vulnerability (CNVD-2016-13294)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability in the 'socksetsockopt' function of the net/core/sock.c file in Linux kernel 3.4.99 and earlier stems from the program's failure to properly handle...

DEBIAN-CVE-2016-9793

The socksetsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sksndbuf and skrcvbuf, which allows local users to cause a denial of service memory corruption and system crash or possibly have unspecified other impact by leveraging the CAPNETADMIN...

DEBIAN-CVE-2012-6704

The socksetsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sksndbuf and skrcvbuf, which allows local users to cause a denial of service memory corruption and system crash or possibly have unspecified other impact by leveraging the CAPNETADMIN...

MacOS Kernel < 10.12.2 / iOS < 10.2 - _kernelrpc_mach_port_insert_right_trap Reference Count L

Exploit for multiple platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=941 Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40956.zip The previous ref count overflow bugs were all kinda...

MS16-148: Description of the security update for Excel 2013: December 13, 2016

MS16-148: Description of the security update for Excel 2013: December 13, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

Boa Webserver Buffer Overflow Vulnerability

Boa Webserver is a high performance web server for Unix-like computers. A buffer overflow vulnerability exists in the 'sendredirect' function in Boa Webserver version 0.92r. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP GET request to cause a denial of servi...

CVE-2016-9564

Buffer overflow in sendredirect in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters...

PT-2016-7778 · Boa · Boa Web Server

Name of the Vulnerable Software and Affected Versions: Boa Webserver version 0.92r Description: The issue is related to a buffer overflow in the send redirect function, which can be triggered by remote attackers through an HTTP GET request. This request must contain a long URI with only '/' and '...