CVE-2016-1000150

Reflected XSS in wordpress plugin simplified-content v1.0.0...

CVE-2016-1000150

CVE-2016-1000150 describes a Reflected XSS in the WordPress plugin simplified-content v1.0.0 . The vulnerability affects the plugin’s input handling, allowing an attacker to inject arbitrary script via reflected content. Multiple connected sources corroborate this finding, with consistent descrip...

VenShop System 2010 Database Disclosure

======================================================================== | Title : VenShop system 2010 Database Disclosure Exploit | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : Mortals online shopping system 2010 Simplified Chinese...

YetiForce CRM < 3.1 - Persistent Cross-Site Scripting

Exploit Title: YetiForce CRM Accounts' select your prefered user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...

Out-of-bounds

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related...

chromium-browser: memory corruption in V8

The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified oth...

CVE-2014-7554

The Bouqs - Flowers Simplified aka com.bouqs.activity application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Bouqs - Flowers Simplified aka com.bouqs.activity application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-7554

CVE-2014-7554 concerns the Bouqs - Flowers Simplified Android app (com.bouqs.activity, version 1.8.4) failing to verify X.509 TLS certificates. This creates a vulnerability where man-in-the-middle attackers could spoof SSL servers and access sensitive information by presenting crafted certificate...

HP Smart Update Manager 6.x < 6.4.1 Multiple Vulnerabilities

The version of HP Smart Update manager running on the remote host is prior to 6.4.1. It is, therefore, affected by the following vulnerabilities : - An error exists in the function 'ssl3readbytes' that can allow data to be injected into other sessions or allow denial of service attacks. Note that...

QQPlayer asx File Processing Buffer Overflow Exploit

No description provided by source. Title: QQPlayer asx File Processing Buffer Overflow Exploit Author: Li Qingshan of Information Security Engineering Center,School of Software and Microelectronics,Peking University Vendor: www.qq.com Platform: Windows XPSP3 Chinese Simplified Test: QQPlayer...

QQPlayer cue File Buffer Overflow Exploit

No description provided by source. !/usr/bin/env python Title: QQPlayer cue File Buffer Overflow Exploit Author: Lufeng Li of Neusoft Corporation Vendor: www.qq.com Platform: Windows XPSP3 Chinese Simplified Tested: QQPlayer 2.3.696.400 Vulnerable: QQPlayer=2.3.696.400p1 Code : head = '''FILE '''...

Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl)

The remote Windows host has a version of Cisco Jabber installed that is known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce disclosure via the 'FLUSH+RELOA...

Design/Logic Flaw

Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directo...

Microsoft Office Remote Code Execution Vulnerabilities (2961037)

This host is missing an important security update according to Microsoft Bulletin MS14-023. OpenVAS Vulnerability Test $Id: gbms14-023.nasl 6735 2017-07-17 09:56:49Z teissa $ Microsoft Office Remote Code Execution Vulnerabilities 2961037 Authors: Antu Sanadi Copyright: Copyright C 2014 Greenbone...

CVE-2011-2010

The Microsoft Office Input Method Editor IME for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the...

Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)

This host is missing an important security update according to Microsoft Bulletin MS11-088. OpenVAS Vulnerability Test $Id: secpodms11-088.nasl 5362 2017-02-20 12:46:39Z cfi $ Microsoft Office IME Chinese Privilege Elevation Vulnerability 2652016 Authors: Antu Sanadi Copyright: Copyright c 2011...

CVE-2011-2010

The CVE-2011-2010 issue affects the Microsoft Office IME (Chinese) for Simplified Chinese in Pinyin IME 2010 family (MSPY), including Office Pinyin SimpleFast Style 2010 and Office Pinyin New Experience Style 2010. The root cause is improper restriction of configuration options in the IME toolbar...

Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)

This host is missing an important security update according to Microsoft Bulletin MS11-088. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Rising - RSNTGDI.sys Local Denial of Service

Rising - RSNTGDI.sys Local Denial of Service / On the net.We can found these file has published a BUG.In that.The BUG has found in CONTROL CODE:0x83003C0B.So.I check these file in othere CONTROL CODE.Just for fun..... Exploit Title: Rising RSNTGDI.sys Local Denial of ServiceCONTROL CODE:83003C13...