881 matches found
Path traversal
Path traversal vulnerability in http-live-simulator 1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL...
CVE-2018-16479
CVE-2018-16479 affects the package http-live-simulator (versions before 1.0.7). The root cause is insufficient input sanitization in the pathname, allowing a path traversal attack by appending extra slashes after the URL, which can lead to unauthorized access to arbitrary files on disk. Public ad...
How Just Opening A Site In Safari Could Have Hacked Your Apple macOS
Earlier this week, the Dropbox team unveiled details of three critical vulnerabilities in the Apple macOS operating system which, together, could allow a remote attacker to execute malicious code on a targeted Mac computer just by convincing a victim to visit a malicious web page. The reported...
MTGAS MOGG Web Simulator Script - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MOGG web simulator Script - SQL Injection Exploit Author: Meisam Monsef - email protected - @meisamrce - @dorsateam Vendor Homepage: https://github.com/spider312/mtgas Version: All Version Exploit :...
MOGG Web Simulator SQL Injection
Exploit Title: MOGG web simulator Script - SQL Injection Date: 2018-10-29 Exploit Author: Meisam Monsef - [email protected] - @meisamrce - @dorsateam Vendor Homepage: https://github.com/spider312/mtgas Version: All Version Exploit : http://server/play.php?id=99999'+SQL Command+...
MTGAS MOGG Web Simulator Script - SQL Injection
MTGAS MOGG Web Simulator Script - SQL Injection Exploit Title: MOGG web simulator Script - SQL Injection Date: 2018-10-29 Exploit Author: Meisam Monsef - [email protected] - @meisamrce - @dorsateam Vendor Homepage: https://github.com/spider312/mtgas Version: All Version Exploit :...
MTGAS MOGG Web Simulator Script - SQL Injection
Exploit Title: MOGG web simulator Script - SQL Injection Date: 2018-10-29 Exploit Author: Meisam Monsef - [email protected] - @meisamrce - @dorsateam Vendor Homepage: https://github.com/spider312/mtgas Version: All Version Exploit : http://server/play.php?id=99999'+SQL Command+...
Directory Traversal
http-live-simulator is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization on the value of pathname, allowing directory traversal attacks...
Node.js third-party modules: [http-live-simulator] Path traversal vulnerability
Module module name: http-live-simulator version: 1.0.6 npm page: https://www.npmjs.com/package/http-live-simulator Description this vulnerability is a bypass for the one found in this report in version 1.0.5 Steps To Reproduce: 1- Install the module : npm install -g http-live-simulator 2- Run the...
Node.js third-party modules: http-live-simulator npm module is prone to path traversal attacks
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report Path Traversal...
Delta Industrial Automation COMMGR AHSIM_5x0 Simulator Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets sent to the AHSIM 5x0 Simulator. The issu...
Delta Industrial Automation COMMGR DVP Simulator Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets sent to the DVP Simulator. The issue...
Delta Industrial Automation COMMGR AHSIM_5x1 Simulator Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation COMMGR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of TCP packets sent to the AHSIM 5x1 Simulator. The...
Ubuntu: Security Advisory (USN-3678-4)
The remote host is missing an update for the...
USN-3678-4: Linux kernel (Raspberry Pi 2) vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovere...
USN-3678-4 linux-raspi2 vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovere...
Ubuntu: Security Advisory (USN-3678-3)
The remote host is missing an update for the...
USN-3678-2: Linux kernel (Azure) vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovere...
USN-3678-2 linux-azure vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovere...
USN-3678-1 linux, linux-aws, linux-gcp, linux-kvm vulnerabilities
Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1092) It was discovered...