866 matches found
Burrowing posture: analysis of a command injection vulnerability-vulnerability warning-the black bar safety net
Command injection is a Common Vulnerability pattern. Once there is a command injection vulnerability, the attacker may be in the target system to execute arbitrary commands. Here, we have to mention another one called remote code execution RCE of vulnerability-many people always put these two...
Sleep as Android - Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Sleep as Android published at the 'play' market has multiple vulnerabilities...
kernel security, bug fix, and enhancement update
3.10.0-514.21.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-514.21.1 - kernel sched/core: Fix an SMP ordering race in trytowakeup vs...
DEBIAN-CVE-2017-8071
drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service deadlock via unspecified vectors...
Itech B2B Script 4.28 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Itech B2B Script v4.28 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/b2b-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.c...
Microsoft Windows 10 Virtualization-Based Security Bypass - us
Lenovo Security Advisory: LEN-8584 Potential Impact: Microsoft Virtualization-based security bypass by an attacker with administrative privileges Severity: Medium Scope of Impact: Industry-Wide Summary Description: A vulnerability affecting the virtualization-based security in Microsoft Windows 1...
SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2016:2305-1)
This update for wpasupplicant fixes the following issues : - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. bnc930077 - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. bnc930078 - CVE-2015-4143: EAP-pwd missing payload length validation...
Accessing data on Self-Encrypting drives while a system is in sleep state
Lenovo Security Advisory: LEN-2910 Potential Impact: Physical access of encrypted data Severity: Informational Summary: At the BlackHat Europe 2015 conference, KPMG disclosed an industry-wide vulnerability affecting hard disk drives that employ hardware-based Full Disk Encryption FDE. These drive...
Uber: SQL Injection on sctrack.email.uber.com.cn
Hi, Uber Security team I just traveled to China, when I call Uber in China. I received an advertisement mail from Uber and I found the unsubscribe link is different from the original unsubscribe link, and there is a SQL Injection under the unsubscribe link. You can see where to find the unsubscri...
Streamo Online Radio And TV Streaming CMS - SQL Injection
Streamo Online Radio And TV Streaming CMS - SQL Injection Application Name : Streamo - Online Radio And Tv Streaming CMS Google Dork : inurl:rjdetails.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage :...
iSQL 1.0 Shell Command Injection
!/bin/ruby Exploit Title: iSQLRL 1.0 - Shell Command Injection Date: 2016-06-13 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/roselone/iSQL Software Link: https://github.com/roselone/iSQL/archive/master.zip Version: 1.0 Tested on: Debian wheezy CVE...
FreeBSD : hostapd and wpa_supplicant -- multiple vulnerabilities (976567f6-05c5-11e6-94fa-002590263bf5)
Jouni Malinen reports : wpasupplicant unauthorized WNM Sleep Mode GTK control. 2015-6 - CVE-2015-5310 EAP-pwd missing last fragment length validation. 2015-7 - CVE-2015-5315 EAP-pwd peer error path failure on unexpected Confirm message. 2015-8 - CVE-2015-5316 %NASLMINLEVEL 70300 C Tenable Network...
ROPInjector - Convert any Shellcode in ROP and patch it into a given Portable Executable (PE)
A tool written in C Win32 to convert any shellcode in ROP and patch it into a given portable executable PE. It supports only 32-bit target PEs and the x86 instruction set. Published in Blackhat USA 2015, "ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion" More...
悟空CRM无需任何权限的SQL注入漏洞2(ThinkPHP特性)
简要描述: 一个没有权限控制的类,正好又有注入 (给L.N.添堵系列之三) 另外厂商分给高点呗,别这么小气本来不想挖了的。 详细说明: /App/Lib/Mobile/LogMobile.class.php 这个类没有权限验证(initialize方法)哦 看到edit函数: //修改沟通日志 public function edit if$this-isPost $id = isset$POST'id' ? intval$POST'id' : 0; $params = jsondecode$POST'params',true; if!isarray$params...
Sleep Bug Kids Lite - Base64 encoded String, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Sleep Bug Kids Lite published at the 'play' market has multiple vulnerabilities...
Lullaby Pony Sleep - Base64 encoded String, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application Lullaby Pony Sleep published at the 'play' market has multiple vulnerabilities...
Baby Sleep - Dynamic Code Loading, External URLs, Unsafe deleting vulnerabilities
HackApp vulnerability scanner discovered that application Baby Sleep published at the 'play' market has multiple vulnerabilities...
Sleep Music and Sounds - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Sleep Music and Sounds published at the 'play' market has multiple vulnerabilities...
Healthy Sleep Diary - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Healthy Sleep Diary published at the 'play' market has multiple vulnerabilities...
Deep Sleep and Relax Hypnosis - Base64 encoded String, Customized SSL, Dangerous filesystem permissions vulnerabilities
HackApp vulnerability scanner discovered that application Deep Sleep and Relax Hypnosis published at the 'play' market has multiple vulnerabilities...