1430 matches found

Gitee
added 2020/03/18 9:36 a.m. | 11 views

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the php-fpm service running on a server with a configuration that includes a "location" block with a...

9.8 CVSS | 9.6 AI score | 0.94053 EPSS
Exploits 53
ATTACKERKB
added 2020/03/03 12:0 a.m. | 14 views

Task Scheduler S4U Logon Elevation of Privilege

The Windows Task Scheduler allows a split token administrator to register a task which runs as a batch job from a limited privilege context. This doesn’t require a user’s password to accomplish as the task will be run non-interactively and so doesn’t need access to the password in order to access...

2.7 AI score
Exploits 0 | References 1
OSV
added 2020/02/21 4:15 p.m. | 1 views

DEBIAN-CVE-2013-4088

Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket spl...

6.5 CVSS | 6.9 AI score | 0.01832 EPSS
Exploits 0 | References 1
OSV
added 2020/02/21 4:15 p.m. | 2 views

DEBIAN-CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...

6.5 CVSS | 6.8 AI score | 0.00303 EPSS
Exploits 0 | References 1
NVD
added 2020/02/21 4:15 p.m. | 16 views

CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...

6.5 CVSS | 6.2 AI score | 0.00303 EPSS
Exploits 0 | References 2
OSV
added 2020/02/21 4:15 p.m. | 0 views

UBUNTU-CVE-2013-4088

Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket spl...

6.5 CVSS | 7 AI score | 0.01832 EPSS
Exploits 0 | References 3
UbuntuCve
added 2020/02/21 4:15 p.m. | 33 views

CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...

6.5 CVSS | 6.6 AI score | 0.00303 EPSS
Exploits 0 | References 1
OSV
added 2020/02/21 4:15 p.m. | 0 views

UBUNTU-CVE-2013-3551

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...

6.5 CVSS | 6.6 AI score | 0.00303 EPSS
Exploits 0 | References 2
UbuntuCve
added 2020/02/21 4:15 p.m. | 30 views

CVE-2013-4088

Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket spl...

6.5 CVSS | 6.8 AI score | 0.01832 EPSS
Exploits 0 | References 2
CVE
added 2020/02/21 3:48 p.m. | 143 views

CVE-2013-4088

Summary (CVE-2013-4088) : Open Ticket Request System (OTRS) components Kernel/Modules/AgentTicketWatcher.pm in OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 allowed remote attackers with a valid agent login to read restricted tickets via a crafted URL using the ticket spli...

6.5 CVSS | 6.2 AI score | 0.01832 EPSS
Exploits 0 | References 4 | Affected Software 1
Debian CVE
added 2020/02/06 3:26 p.m. | 16 views

CVE-2014-10399

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...

6.1 CVSS | 6.3 AI score | 0.00456 EPSS
Exploits 0
Wired Threat Level
added 2020/01/15 11:0 a.m. | 51 views

UN Secretary-General: US-China Tech Split Worse Than Cold War

In an interview with WIRED editor in chief Nicholas Thompson, António Guterres says the world's next major conflict will start in cyberspace...

2.2 AI score
Exploits 0
OSV
added 2019/12/30 6:15 p.m. | 0 views

UBUNTU-CVE-2019-13445

An issue was discovered in the ROS communications-related packages aka roscomm or ros-melodic-ros-comm through 1.14.3. parseOptions in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line...

9.8 CVSS | 7.3 AI score | 0.00513 EPSS
Exploits 1 | References 5
Cvelist
added 2019/12/30 5:54 p.m. | 11 views

CVE-2019-13445

An issue was discovered in the ROS communications-related packages aka roscomm or ros-melodic-ros-comm through 1.14.3. parseOptions in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line...

9.7 AI score | 0.00513 EPSS
Exploits 1 | References 3
HackRead
added 2019/12/25 7:57 p.m. | 58 views

Top 7 PDF Tools to Edit, Merge/Split and Protect PDF

By Uzair Amir. This article showcases the Top 7 PDF tools so let's get into it. This is a post from HackRead.com. Read the original post: Top 7 PDF Tools to Edit, Merge/Split and Protect PDF...

7 AI score
Exploits 0
OSV
added 2019/11/12 3:15 p.m. | 1 views

UBUNTU-CVE-2019-18848

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...

7.5 CVSS | 5.8 AI score | 0.00207 EPSS
Exploits 0 | References 4
Packet Storm
added 2019/11/11 12:0 a.m. | 83 views

Eset Mobile Security 5.2.18.0 Lock Bypass

Exploit Title: Bypassing Eset Mobile Security App Using Android's Split-Screen Feature Date: 11.11.2019 Exploit Author: Ferhat Cil linkedin:ferhatcil Vendor Homepage: Eset Version: 5.2.18.0 Tested on: Android 9.1.0.142, Android 8.1.0 Security App lets you lock your apps on your phone, but if you...

7.4 AI score
Exploits 0
Prion
added 2019/10/25 5:15 p.m. | 17 views

Cross site scripting

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split...

3.5 CVSS | 5.5 AI score | 0.00177 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/10/25 4:30 p.m. | 15 views

CVE-2019-4396

IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split...

5.4 CVSS | 5.5 AI score | 0.00177 EPSS
Exploits 0 | References 2
OSV
added 2019/08/29 6:15 p.m. | 1 views

DEBIAN-CVE-2019-14437

The xiphSplitHeaders function in modules/demux/xiph.h in VideoLAN VLC media player 3.0.7.1 does not check array bounds properly. As a result, a heap-based buffer over-read can be triggered via a crafted .ogg file...

7.8 CVSS | 7.2 AI score | 0.00571 EPSS
Exploits 0 | References 1