5 matches found
D-Link DIR-823X Command Injection Vulnerability
The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability due to a flaw in the sub415028 function in the goform/setsticleases file. An attacker can exploit the vulnerability to execute arbitrary commands on the system...
Multiple OEM - 'nsd' Remote Stack Format String (PoC)
STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full Disclosure: 0-Day - PoC - 1 $ curl...
Internet Bug Bounty: SPDY heap buffer overflow
A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0133). The problem affects nginx 1.3.15 -...
Internet Bug Bounty: SPDY memory corruption
A bug in the experimental SPDY implementation in nginx 1.5.10 was found, which might allow an attacker to corrupt worker process memory by using a specially crafted request, potentially resulting in arbitrary code execution (CVE-2014-0088). The problem only affects nginx 1.5.10 on 32-bit platforms,...
Unfixed XSS vulnerability at www.stic-online.de
Security researcher hexon submitted on 19/11/2010 a cross-site scripting (XSS) vulnerability affecting www.stic-online.de, which at the time of submission ranked 20783224 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/12/2011. It is...