CVE-2016-8009

CVE-2016-8009 affects Intel Security McAfee Application Control (MAC) 6.x and 7.0.x. The root cause is unauthorized IOCTL usage that enables local privilege escalation, which can lead to DoS, abnormal behavior, or potentially arbitrary code execution. Public sources describe affected versions (MA...

Oracle Database Multiple Vulnerabilities (January 2017 CPU)

The remote Oracle Database Server is missing the January 2017 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the OJVM component that allows an authenticated, remote attacker to execute arbitrary code. CVE-2017-3310 - An...

Rapid7 AppSpider 6.12 - Privilege Escalation

Exploit for windows platform in category local exploits Rapid7 AppSpider 6.12 Web Application Vulnerability Scanner Elevation Of Privilege Vendor: Rapid7, Inc. Product web page: https://www.rapid7.com Affected version: 6.12.10.1 Summary: While today's malicious attackers pursue a variety of goals...

Checkmarx CxQL 7.1.5 Sandbox Bypass Vulnerability

Exploit for php platform in category web applications Checkmarx CxQL Sandbox bypass CVE-2014-8778 Vendor: Checkmarx - www.checkmarx.com Product: CxSuite Version affected: 7.1.5 and prior Credit: Huy-Ngoc DAU @ngocdh of Deloitte Conseil, France ================================ Introduction...

ADB backupAgent mention the right vulnerability analysis CVE-2 0 1 4-7 9 5 3-the vulnerability warning-the black bar safety net

0x00 summary CVE-2 0 1 4-7 9 5 3 is present in the android backup agent in a mention the right vulnerability. ActivityManagerService in bindBackupAgent method fails to check the incoming uid parameters, combined with the addition of a race condition the use of techniques, the attacker can be in a...

Phorum 3.4.x Message Form Field HTML Injection Variant Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7545/info An HTML injection issue has been reported which may lead to unauthorized code execution. It has been reported that it is possible to inject HTML or script code into the subject and other fields of a message in...

Sitecore XML Cross Site Scripting

Hey All, Sitecores “special way” of displaying XML Controls directly allows for a Cross Site Scripting Attack – more can be achieved with these XML Controls and will be documented in another vulnerability report http://target/?xmlcontrol=body%20onload=alert123...

Hex Workshop 6.7 DLL Hijack

/ Exploit Title: Hex Workshop v 6.7 mfc100trk.dll - DLL Hijacking Vulnerability // Date: 29.11.2013 // Exploit Author: Akin Tosunlar / Ozgur Yurdusev // Software Link: http://www.download.com/Hex-Workshop/3000-23524-10004918.html?part=dl-HexWorksh&subj=dl&tag=button // Version: 6.7 Probably old...

RedHat Update for xorg-x11-server RHSA-2013:1426-01

Check for the Version of xorg-x11-server OpenVAS Vulnerability Test RedHat Update for xorg-x11-server RHSA-2013:1426-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

Wordpress Usernoise Plugin 3.7.8 - Persistent XSS Vulnerability

Exploit for php platform in category web applications Details ============================= Application: Usernoise http://usernoise.karevn.com/ Version: 3.7.8 probably earlier versions as well Type: Wordpress plugin Developer: Nikolay Karev http://karevn.com/ - http://profiles.wordpress.org/karev...

Slackware: Security Advisory (SSA:2004-049-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2010-5158

Race condition in DefenseWall Personal Firewall 3.00 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

Scientific Linux Security Update : xorg-x11-server on SL5.x i386/x86_64

An incorrect calculation flaw was discovered in the X.Org Render extension. A malicious, authorized client could exploit this issue to crash the X.Org server or, potentially, execute arbitrary code with root privileges. CVE-2010-1166 All running X.Org server instances must be restarted for this...

Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow

This module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 without Hotfix CPVS56SP1E043 by sending a malformed packet with the opcode 0x40020002 GetFooterRequest to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been...

xorg security update

CentOS Errata and Security Advisory CESA-2011:1360 Updated xorg-x11 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS ba...

RedHat Update for xorg-x11-server RHSA-2011:1359-01

Check for the Version of xorg-x11-server OpenVAS Vulnerability Test RedHat Update for xorg-x11-server RHSA-2011:1359-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

Zazavi 1.2.1 - '/FileManager/Controller.php' Arbitrary File Upload

source: https://www.securityfocus.com/bid/49309/info Zazavi is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and run it in the context of the webserver process...

discuz! X1.5 Get Shell 0day

简要描述： 可以自由写入一句话木马 详细说明： 以下为漏洞的EXP ?php printr' +---------------------------------------------------------------------------+ Discuz! X1-1.5 notifycredit.php Blind SQL injection exploit by toby57 2010.11.05 mail: admin at bkey org team: http://www.bkey.org 说明:alibaba把后续getshell代码添加了下去...

slimbrowser v5.00 DLL Hijacking Exploit (dwmapi.dll)

Exploit for windows platform in category local exploits ==================================================== slimbrowser v5.00 DLL Hijacking Exploit dwmapi.dll ==================================================== || || | || o,7 || . o7 || 4||| ow, : / /...

There is no Wscript. shell component to provide the right what do we do?- Vulnerability warning-the black bar safety net

Source: love toxic There may be a lot of people, seeing close up the wscript. shell,you feel no mention of the right to hope. It will give up. Generally when the closed surface components, you upload the cmd. exe to above to is running no command. The runtime will tell the fault. If you want to r...