579 matches found
Design/Logic Flaw
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response...
Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service
Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...
CVE-2016-2961
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace...
CVE-2016-2961
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace...
Ruby on Rails - Development Web Console (v2) Code Execution (Metasploit)
Exploit for ruby platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Development Web Console v2 Code Execution', 'Description' =...
Ruby on Rails - Development Web Console (v2) Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Development Web Console v2 Code Execution', 'Description' = %q This module exploits a remote code execution featu...
GDB-Dashboard - Modular Visual Interface For Gdb In Python
Modular visual interface for GDB in Python. This comes as a standalone single-file .gdbinit which, among the other things, enables a configurable dashboard showing the most relevant information during the program execution. Its main goal is to reduce the number of GDB commands issued to inspect t...
Git-1.9.5 ssh-agent.exe Buffer Overflow Exploit
Exploit for windows platform in category dos / poc Vendor: ================================ git-scm.com Product: ================================ Git-1.9.5-preview20150319.exe github.com/msysgit/msysgit/releases/tag/Git-1.9.5-preview20150319 Vulnerability Type: =================== Buffer Overflow...
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server is a set of e-mail service programs from the American company Microsoft Microsoft. An information disclosure vulnerability exists when OWA in Microsoft Exchange Server fails to properly process Web requests. An attacker can exploit the vulnerability to discover the stack...
Mock SMTP Server 1.0 Remote Crash PoC
Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Title: Mock SMTP Server 1.0 Remote Crash PoC Date: 23-08-2015 Exploit Author: Shankar Damodaran Author's Twitter : @sh4nx0r Vendor Homepage: http://mocksmtpserver.codeplex.com Software Link:...
Microsoft Office 2007 MSO.dll Use-After-Free Exploit
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=414&can=1 The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application verified...
Microsoft Office 2007 - mso.dll Use-After-Free (MS15-081)
Microsoft Office 2007 - mso.dll Use-After-Free MS15-081 Source: https://code.google.com/p/google-security-research/issues/detail?id=414&can=1 The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In is disabled and application...
Microsoft Internet Explorer stack Property Descriptor Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Zendesk: Error stack trace enabled
The researcher found an endpoint that generated a stack-trace for a specified URL input...
McAfee SiteAdvisor 3.7.2 - Firefox Use-After-Free (PoC)
McAfee SiteAdvisor 3.7.2 - Firefox Use-After-Free PoC McAfee SiteAdvisor 3.7.2 for firefox Use After Free Poc / Title: McAfee SiteAdvisor 3.7.2 firefox Use After Free Author: Marcin Ressel Twitter: https://twitter.com/mressel NPMcFFPlg32.dll McAfee SiteAdvisor 3.7.2 Tested on: Windows 8.1 x64 and...
Whisper: Error stack trace
Open wid param broken http://prod.whisper.sh/whispers/replies?uid=050e3617a744474140874730dbe5055367c5c5&wid=04d27d987de7f897580096b099815691cd4a89%27%22&sme=false and got error stack trace...
Enter: Error stack trace
Make request removed csrf token in POST data POST /settings HTTP/1.1 Host: wallet.robocoin.com User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:34.0 Gecko/20100101 Firefox/34.0 Accept: / Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type:...
Design/Logic Flaw
Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...
CVE-2 0 1 4-1 7 7 2 – Internet Explorer Use After Free vulnerability detailed analysis-vulnerability warning-the black bar safety net
http://blog.trendmicro.com/trendlabs-security-intelligence/root-cause-analysis-of-cve-2014-1772-an-internet-explorer-use-after-free-vulnerability/ Translated from TrendLabs ! /Article/UploadPic/2014-11/2014111310206615.jpg We often see a wide variety of vulnerabilities, from the user-after-free...
CVE-2014-8526
McAfee Network Data Loss Prevention NDLP before 9.3 allows local users to obtain sensitive information by reading a Java stack trace...