CVE-2018-19509

wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS...

CVE-2017-16368

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string...

Alienvault OSSIM av-centerd 4.7.0 get_log_line Command Injection

require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection getlogline', 'Description' = %q This module exploits a command injection flaw found in the getlogline function found within Util.pm. The vulnerability is triggered due to an unsanitiz...

linux/x64 gghunter - 24 bytes

/ ;Title: x64 Linux egghunter in 24 bytes ;Author: David Velázquez a.k.a d4sh&r ;Contact: https://mx.linkedin.com/in/d4v1dvc ;Description: x64 Linux egghunter that looks for the string "h@ckh@ck" ; and then execute the shellcode ;Tested On: Linux kali64 3.18.0-kali3-amd64 x8664 GNU/Linux ;Compile...

Samhain Labs 1.x - HSFTP Remote Format String

/ source: https://www.securityfocus.com/bid/9715/info hsftp has been found to be prone to a remote print format string vulnerability. This issue is due to the application improper use of a format printing function. Ultimately this vulnerability could allow for execution of arbitrary code on the...