AirDroid iOS / Android / Win 3.1.3 - Persistent

Document Title: =============== Airdroid iOS, Android & Win 3.1.3 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1543 Release Date: ============= 2015-07-20 Vulnerability Laboratory ID VL-ID: ==================================...

CVE-2015-5360

Juniper Junos IPv6 SEND handling DoS (CVE-2015-5360) affects Junos with SEND security-level default enabled. A remote attacker can craft SEND Protocol packets to trigger CPU exhaustion, impacting CLI responsiveness and IPv6 packet processing. Exploitation details are described in multiple sources...

CVE-2015-5360

IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.2 before 14.2R3, 15.1 before 15.1R1, and...

Juniper Networks Junos OS IPv6 sendd DoS Vulnerability

Junos OS is prone to a Denial of Service vulnerability in the SEND daemon. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

'Undo Send' — How to Unsend Emails in Gmail

Sending an important and confidential email to one of my friends and mistakenly clicked send to someone else. Holy crap! This is something experienced by everyone of us at some point. When we accidentally hit the reply-all button, send an email to the wrong person, or sometimes forget to attach a...

Security update for xen (important)

Xen was updated to 4.4.2 to fix multiple vulnerabilities and non-security bugs. The following vulnerabilities were fixed: CVE-2015-4103: Potential unintended writes to host MSI message data field via qemu XSA-128 boo931625 CVE-2015-4104: PCI MSI mask bits inadvertently exposed to guests XSA-129...

CVE-2015-4346

Cross-site scripting XSS vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews...

CVE-2015-4346

Cross-site scripting XSS vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews...

PHPMPS v2.3 /member.php SQL注入漏洞

/member.phpcase 'send': $paycenter = trim$POST'paycenter'; $contactname = trim$POST'contactname'; $telephone = trim$POST'telephone'; $email = trim$POST'email'; $username = trim$POST'username'; $orderid = trim$POST'orderid'; $time = time; $ip = getip; $payonlinesetting = getpaysetting;...

Windows x64 Command Shell, Windows x64 IPv6 Bind TCP Stager with UUID Support

Spawn a piped command shell Windows x64 staged. Listen for an IPv6 connection with UUID Support Windows x64 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 526 include...

Pimcore /reports/newsletter/send HOST parameter command execution vulnerability

Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. Pimcore /reports/newsletter/send fails to properly handle the 'HOST' GET parameter, allowing remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary commands...

Packet Sender - The UDP and TCP Network Test Utility

Packet Sender is an open source utility to allow sending and receiving TCP and UDP packets. It is available free no ads / no bundleware for Windows , Mac , and Linux. It can be used for both commercial and personal use license. It's designed to be very easy to use while still providing enough...

Send-Only Postfix Server

Postfix is an MTA Mail Transfer Agent, an application used to send and receive email. In this tutorial, we will install and configure Postfix so that it can be used to send emails by local applications only. Why would you want to do that? If you’re already using a third-party email provider for...

Mozilla Firefox/Thunderbird navigator.sendBeacon implements CORS access control check bypass vulnerability

Mozilla Firefox/SeaMonkey is a WEB browser/newsgroup client released by Mozilla. A CORS access control check bypass vulnerability in the HTTP 30X status code of the Mozilla Firefox Onavigator.sendBeacon implementation that handles redirects allows remote attackers to exploit the vulnerability to...

Multiple Mozilla Products navigator.sendBeacon Cross-Site Request Forgery Vulnerability

Mozilla Firefox, Firefox ESR and Thunderbird are all developed by the Mozilla Foundation.Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox.Thunderbird is a standalone email client from the Mozilla Thunderbird is a separate email client from Mozilla...

OkCupid: XSS on Send A Message Option

Attacker can send XSS Payload through Message Option . POC: https://www.dropbox.com/s/ieoeu6bw4bj7dqt/xss.mkv?dl=0...

SA-CONTRIB-2015-054 - SMS Framework - Cross Site Scripting (XSS)

SMS Framework module enables you to send and receive SMS messages from and into Drupal. The module doesn't sufficiently sanitize user supplied text in message previews, thereby exposing a reflected Cross Site Scripting vulnerability. An attacker could exploit this vulnerability by getting the...

UBUNTU-CVE-2014-8638

The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery...

Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)

The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service application crash via a crafted JavaScript object...

X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...