5315 matches found
FreeBSD-SA-16:36.telnetd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:36.telnetd Security Advisory The FreeBSD Project Topic: Possible login1 argument injection in telnetd8 Category: core Module: telnetd Announced: 2016-12-06...
Edge SkateShop - Authentication bypass
Edge SkateShop - Authentication bypass Exploit Title: Edge SkateShop Authentication Bypass Date: 6/12/2016 Exploit Author: Delilah Vendor HomePage: http://www.sourcecodester.com/php/10964/basic-shopping-cartphpmysql.html Software Link:...
New Large-Scale DDoS Attacks Follow Schedule
A powerful new botnet is being blamed for massive and sustained DDoS attacks that security researchers at CloudFlare compare to Mirai when it comes to intensity and scope. The attacks began Nov. 23 and ran for eight hours daily, similar to an average workday. The consistent attacks occurred for...
ShellcodeCompiler - Shellcode C/C++ Compiler for Windows
Shellcode Compiler is a program that compiles C/C++ style code into a small, position-independent and NULL-free shellcode for Windows. It is possible to call any Windows API function in a user-friendly way. Shellcode Compiler takes as input a source file and it uses it's own compiler to interpret...
Mail.ru: [element.mail.ru] /.svn/entries
Рвой диŃокŃĐžŃии ŃĐ°ĐšŃĐ° ŃОдоŃМиŃŃŃ ĐżĐ°ĐżĐşĐ° ĐžŃ Subversion. ТоОŃĐľŃиŃĐľŃки ŃŃĐž Đ´Đ°ĐľŃ ŃĐ°ŃĐşŃŃŃио иŃŃ ĐžĐ´Đ˝ŃŃ ĐşĐžĐ´ĐžĐ˛, нО в даннОП ŃĐťŃŃĐ°Đľ ŃĐ°ĐšĐťŃ Ń ŃĐ°ŃŃиŃониоП .php.svn-base ŃОМо иŃпОНнŃŃŃŃŃ Đ˛ĐľĐą-ŃĐľŃвоŃОП. ĐŃиПоŃ: https://element.mail.ru/.svn/entries 10 dir 14...
SonicWALL Global Management System File Disclosure
File disclosure vulnerability in SonicWALL Global Management System GMC service Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Chrome the improper use of Flash message loop leads to the UXSS Vulnerability, CVE-2016-1631ďź
Author: Avfisher@network sharp knife 0x00 Preface This writing comes from a few days ago a buddy sent me a bug link to let the author help explain the vulnerability principle, in order to facilitate the partner understanding and left notes for future reference and then write this article. This...
PHP 'ext/phar/phar_object. c' heap overflow vulnerability, CVE-2016-4342ďź
Parse . tar/. zip/. phar file, the stack boundary condition control is not strict, leading to possible heap overflow. Create a new empty file"aaaa"0 byte, packaged into a "aaaa. tar"file is not compressed before the aaaa file size is 0 it. By PharFileInfo object getContent method to get the aaaa...
Udemy: Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com
Howdy, @udemy! Summary: ======= I am writing to inform you of a critical information disclosure bug via an exposed Jenkins dashboard located at https://jenkins101.udemy.com. Upon navigating to this address, I was asked to authenticate with my Github account. After authenticating, I was surprised ...
Sagem Fast 3304-V2 Credential Disclosure
Exploit title: FAST3304v2 Credentials Disclosure vulnerability Author: Nassim Asrir Author Company: HenceForth Author Email: [email protected] Discovered on: 13/11/2016 Tested on: Linux x8664 / Mozilla Firefox 49. Tested Version: Sagem Fast 3304-V2 other versions may also be affected Vendor:...
Microsoft Windows Kernel - win32k Denial of Service (MS16-135) Exploit
Exploit for windows platform in category dos / poc / Source: https://github.com/tinysec/public/tree/master/CVE-2016-7255 Full Proof of Concept: https://github.com/tinysec/public/tree/master/CVE-2016-7255 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40745.z...
Classic kernel vulnerabilities debugging notes-vulnerability warning-the black bar safety net
Foreword The kernel vulnerability for me has always been a bridge, remember two years ago, just contact binary vulnerability when, at the time today's protagonist has just appeared, when debugging this vulnerability when the whole heart is crashing, and recently I relive a bit of the vulnerabilit...
Internet Bug Bounty: NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
bug report at: https://bugs.php.net/bug.php?id=73331 fix commit at: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d...
Test-Run DDoS Attacks Against Liberia Cease
Intermittent DDoS attacks powered by the largest of the many Mirai-powered botnets targeting the African nation of Liberia have ceased today. Researcher Kevin Beaumont who disclosed the attacks on Thursday said also that the domain controlling the attackerâs command and control infrastructure was...
My Little Forum 2.3.7 File Disclosure
Title: ====== My Little Forum 2.3.7 - Source Code Disclosure Product & Service Introduction: =============================== My little forum is a simple PHP and MySQL based internet forum that displays the messages in classical threaded view tree structure. It is Open Source licensed under the GN...
Imgur: Unauthenticated Docker registry
A docker registry was open and unauthenticated, giving access to outdated Imgur source code and secret keys...
The Linux kernel through kill to mention the right vulnerability alerts-a vulnerability alert-the black bar safety net
The Linux kernel in the processing memory write copies Copy-on-Write when the existence conditions of competitive vulnerability, the result can be destruction of private read-only memory mapping. A low-privileged local user can exploit this vulnerability to obtain additional read-only memory-mapp...
EC-CUBE 2.12.6 - Server-Side Request Forgery
Exploit Title: EC-CUBE 2.12.6 Server-Side Request Forgery Date: 22/10/16 Exploit Author: Wad Deek Vendor Homepage: http://en.ec-cube.net/ Software Link: http://en.ec-cube.net/download/ Version: 2.12.6en-p1 Tested on: Xampp on Windows7 Fuzzing tool:...
Cgiemail Source Code Disclosure Vulnerability
CGIEmail is a WEB-based mail processing system. A source code disclosure vulnerability exists in Cgiemail version 1.6, which allows an attacker to retrieve the source code of a script file e.g., PL, CGI, and BAT from the server by sending a specially crafted request that contains square brackets...
Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)
Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation MS16-124 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=871 Windows: NtLoadKeyEx Read Only Hive Arbitrary File Write EoP Platform: Windows 10 10586 not tested 8.1 Update 2 or Windows 7...