124 matches found
Exploit for Improper Privilege Management in Centreon
CVE-2019-19699 Centreon =\ After logging in we navi...
MSN Password Recovery 1.30 - XML External Entity Injection
Exploit Title: MSN Password Recovery 1.30 - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2020-01-08 Vendor Homepage : https://www.top-password.com/ Software Link: https://www.top-password.com/download/MSNPRSetup.exe Tested on OS: Windows 10 + Exploit : PoC =================== 1...
HyperCam 5.5.1911.15 - XML External Entity Injection Vulnerability
Exploit Title: HyperCam 5.5.1911.15 - XML External Entity Injection Exploit Author : ZwX Exploit Date: 2019-11-16 Vendor Homepage : https://www.solveigmm.com/ Link Software : https://www.solveigmm.com/files/SolveigMMHyperCamHomeEdition55191115.exe Tested on OS: Windows 7 + Exploit : PoC...
KillerNetwork Manager 1.1.50.1414 - XML External Entity Injection Vulnerability
Exploit Title: Killer Network Manager 1.1.50.1414 - XML External Entity Injection Exploit Author : ZwX Exploit Date: 2019-11-16 Vendor Homepage : https://support.killernetworking.com/ Link Software : https://support.killernetworking.com/download/killer-network-manager-suite/ Tested on OS: Windows...
oXygen XML Editor 21.1.1 - XML External Entity Injection Vulnerability
Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version: 21.1.1 CVE : N/A Tested on: Windows 7 PoC 1- python -m SimpleHTTPServer 8000...
oXygen XML Editor 21.1.1 XML Injection
Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Date: 2019-11-13 Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version: 21.1.1 CVE : N/A Tested on: Windows 7 PoC 1- python -m...
oXygen XML Editor 21.1.1 - XML External Entity Injection
oXygen XML Editor 21.1.1 - XML External Entity Injection Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Date: 2019-11-13 Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version:...
winrar 5.80 - XML External Entity Injection Exploit
Exploit Title: winrar 5.80 - XML External Entity Injection Exploit Author: albalawi Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe Version: 5.80 Tested on: Microsoft Windows Version 10.0.18362.418 64bit POC 1- python -m SimpleHTTPServer listens Port 8000 2- ope...
Path Traversal
Overview: Versions of simplehttpserver prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to version 0.2.1 or later. References: HackerOne Report...
Denial Of Service (DoS)
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application such as HTTP POST request parameters sent...
Information Disclosure
Python is an interpreted, interactive, object-oriented programming language. A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application such as HTTP POST request parameters sent...
Apache Axis 1.4 - Remote Code Execution
Apache Axis 1.4 Remote Code Execution CVE-2019-0227 https://rhinosecuritylabs.com/Application-Security/CVE-2019-0227-Expired-Domain-to-RCE-in-Apache-Axis Author: David Yesland @daveysec, Rhino...
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...
Path Traversal in simplehttpserver
Versions of simplehttpserver prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: Upgrade to version 0.2.1 or later...
Cross-site Scripting (XSS)
Python SimpleHTTPServer is vulnerable to cross-site scripting (XSS). The list_directory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary JavaScript through UTF-7 encoding into Internet Explorer 7 browser vi...
Path Traversal in simplehttpserver
All versions of simplehttpserver are vulnerable to Path Traversal. This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL. Recommendation: No fix is currently available. Do not use simplehttpserver in production or consider using an...
h-include (=1.0.0), hinclude (>=1.0.1 <=1.1.0) +4 more potentially affected by CVE-2018-16478 via simplehttpserver (>=0.0.6 <=0.2.1)
simplehttpserver NPM version =0.0.6, =1.0.1, =0.0.1, =0.0.2 Source cves: CVE-2018-16478 Source advisory: OSV:GHSA-VWR2-WJ63-86GR...
GHSA-VWR2-WJ63-86GR Path Traversal in simplehttpserver
All versions of simplehttpserver are vulnerable to Path Traversal. This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL. Recommendation: No fix is currently available. Do not use simplehttpserver in production or consider using an...
simplehttpserver path traversal vulnerability (CNVD-2018-25186)
simplehttpserver is a Python-based HTTP server for testing, development and debugging of projects. A path traversal vulnerability exists in simplehttpserver 0.2.1 and earlier versions. An attacker can use this vulnerability to list arbitrary files in other folders in the web root directory...