Posnic 1.03 Unauthorized Password Recovery Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------- + Posnic 1.03 forgetpass.php Unauthorized Password Recovery ------------------------------------------------------------------------ Discovered by Juri Gianni -...

BSA-2017-115

Security Advisory ID : BSA-2017-115 Component : Apache HTTPD Revision : 2.0: Final The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow...

PHP study notes and security vulnerabilities-vulnerability warning-the black bar safety net

System variables $POST // get the post data is a dictionary $GET // get get data, is a dictionary The error control operator PHP supports one error control operator:@the. When it is placed in a PHP expression, the expression may produce any error information is ignored. Variable default value Whe...

Adobe Acrobat Reader DC jpeg decoder Remote Code Execution Vulnerability

Summary A use of uninitialized memory vulnerability exists in JPEG image file format decoding code of Adobe Acrobat Reader which ultimately leads to a heap-based buffer overflow which can be abused to achieve remote code execution. A specially crafted PDF file with an embedded JPEG can trigger th...

UBUNTU-CVE-2016-7999

ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery SSRF attacks via a URL in the varurl parameter in a validerxml action...

UBUNTU-CVE-2016-7982

Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...

CVE-2016-8628

Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...

Design/Logic Flaw

The "http-client" egg always used a HTTPPROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests throu...

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTPPROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server also known as a "httpoxy" attack. This affects all...

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTPPROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server also known as a "httpoxy" attack. This affects all...

CVE-2016-6286

The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTPPROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server also known as a "httpoxy" attack. This affects all...

Adobe Reader DC XSLT variable Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XSLT's...

Piwigo Remote File Inclusion Vulnerability (CNVD-2017-00112)

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time and more. A security vulnerability exists in the admin/plugin.php file in Piwigo 2.8.3 and earlier versions, which stems from the...

FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)

Introduction This post continues the FireEye Labs Advanced Reverse Engineering FLARE script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...

ghostscript: getenv and filenameforall ignore -dSAFER

It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, fro...

phpBB 2.0.23 - From Variable Tampering to SQL Injection

Case Study Variable Tampering Among others, RIPS reported a variable tampering issue in the style configuration page for administrators. The GET parameter installto is used as the name of a variable. admin/adminstyles.php $installto = isset$HTTPGETVARS'installto' ? urldecode$HTTPGETVARS'installto...

openSUSE Security Update : python-Twisted (openSUSE-2016-1482)

This update for python-Twisted fixes the following issues : - No longer automatically export the httpproxy environment variable to avoid the proxy being trusted by unaware applications, if a Proxy request header is supplied boo989997, CVE-2016-1000111 %NASLMINLEVEL 70300 C Tenable Network Securit...

unsorted bin attack analysis-vulnerability warning-the black bar safety net

One, Foreword This is before that article overflow using the FILE structure of the follow-up article, mentioned earlier is for the Shanghai network security contest pwn450 of technology to write articles, a total of two techniques, one is the overflow using the FILE structure of the body, one is...

NetGear lot of router remote command injection vulnerability analysis(Update Patch analysis)-vulnerability warning-the black bar safety net

0x01 introduction Two days before the NTP just doing the complete thing, the NetGear routerNETGEAR routerand to engage in things of T. T. The current CERT in the last week, five have issued a notice,“if the user comes to the router, it is recommended to stop use until the official release of the...

ALPINE-CVE-2016-5842

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read...