EPIC MyChart - X-Path Injection

Exploit Title: Epic Systems Corporation MyChart X-Path Injection Google Dork: MyChart® licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software Link: N/A Version: N/A Tested o...

CVE-2015-7972

The 1 libxlsetmemorytarget function in tools/libxl/libxl.c and 2 libxlbuildpost function in tools/libxl/libxldom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand PoD system, which allows local HVM guest users to cause a denial of service...

CVE-2012-4402

webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service...

php520-local.txt

// Risk: Local Buffer Overflow Medium - High Risk // Notes: Various other functions are exploitable, all of which convert the // string arguments to unicode. // // extern "C" IISFUNCAPI int fnStartServiceLPCTSTR ServiceId; // extern "C" IISFUNCAPI int fnGetServiceStateLPCTSTR ServiceId; // extern...

TOCTOU with NT System Service Hooking

TOCTOU Time-Of-Check-to-Time-Of-Use problem is known for a while 1. Nevertheless such bugs are still not uncommon. That is more or less acceptable for general software but not for security products. I believe there are drivers that hook kernel system services by well known technique 2,3,4. Those...