Lucene search

1370 matches found

exploitpack
added 2019/08/12 12:0 a.m., 27 views

Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - ticketreply.php SQL Injection

Joomla! Component JS Support Ticket com_jssupportticket 1.1.6 - ticketreply.php SQL Injection Exploit Title: Joomla! component com_jssupportticket - Authenticated SQL Injection Dork: inurl:"index.php?option=com_jssupportticket" Date: 10.08.19 Exploit Author: qw3rTyTy Vendor Homepage:...

0.2 AI score
Exploits 0

exploitpack
added 2019/07/10 12:0 a.m., 39 views

Microsoft DirectWrite AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes

Microsoft DirectWrite AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...

0.4 AI score
Exploits 0

Exploit DB
added 2019/07/10 12:0 a.m., 230 views

Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes

-----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library written in C, which provides interfaces for reading and writing Type 1, OpenType, TrueType to some...

7.4 AI score
Exploits 0

exploitpack
added 2019/07/10 12:0 a.m., 38 views

Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding

Microsoft DirectWrite AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...

0.7 AI score
Exploits 0

UbuntuCve
added 2019/05/16 7:29 p.m., 19 views

CVE-2019-0976

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder by default "obj", aka 'NuGet Package Manager Tampering Vulnerability'...

5.5 CVSS, 6.4 AI score, 0.00228 EPSS
Exploits 0, References 2

Exploit DB
added 2019/05/08 12:0 a.m., 115 views

MiniFtp - 'parseconf_load_setting' Buffer Overflow

Exploit Title: MiniFtp parseconf_load_setting local-bufferoverflow 318 bytes Google Dork: None Date: 11.04.2019 Exploit Author: strider Vendor Homepage: https://github.com/skyqinsc/MiniFtp Software Link: https://github.com/skyqinsc/MiniFtp Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : Non...

7.4 AI score
Exploits 0

OSV
added 2019/04/03 6:29 p.m., 2 views

CVE-2018-4289

An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6...

5.5 CVSS, 5.8 AI score
Exploits 0, References 1

Prion
added 2019/04/03 6:29 p.m., 21 views

Information disclosure

An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6...

7.1 CVSS, 4.9 AI score, 0.00216 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2019/04/03 6:29 p.m., 14 views

Code injection

A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2...

4 CVSS, 5.7 AI score, 0.00662 EPSS
Exploits 0, References 4, Affected Software 4

exploitpack
added 2019/03/28 12:0 a.m., 49 views

i-doit 1.12 - qr.php Cross-Site Scripting

i-doit 1.12 - qr.php Cross-Site Scripting Exploit Title: i-doit 1.12 Cross Site Scripting on qr.php file Date: 28-03-2019 Software Link: https://www.i-doit.org/ Version: 1.12 Exploit Author: BlackFog Team Contact: [email protected] Website: https://securelayer7.net Category: webapps Tested on...

4.3 CVSS, 6.1 AI score, 0.00779 EPSS
Exploits 4

Packet Storm
added 2019/03/28 12:0 a.m., 54 views

i-doit 1.12 Cross Site Scripting

Exploit Title: i-doit 1.12 Cross Site Scripting on qr.php file Date: 28-03-2019 Software Link: https://www.i-doit.org/ Version: 1.12 Exploit Author: BlackFog Team Contact: [email protected] Website: https://securelayer7.net Category: webapps Tested on: Firefox in Kali Linux. CVE: CVE-2019-696...

6.4 AI score, 0.00779 EPSS
Exploits 4

UbuntuCve
added 2019/03/21 4:1 p.m., 30 views

CVE-2019-9877

There is an invalid memory access vulnerability in the function TextPage::findGaps located at TextOutputDev.c in Xpdf 4.01, which can for example be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service Segmentation fault or possibly have...

7.8 CVSS, 6.8 AI score, 0.00298 EPSS
Exploits 1, References 3

Packet Storm
added 2019/02/22 12:0 a.m., 116 views

Tautulli 2.1.26 Cross Site Scripting

Tautulli https://tautulli.com/ is a Python based monitoring and tracking tool for Plex Media Server. We discovered that an authenticated Plex Media Server user could change their Plex username to include JavaScript and Tautulli would fail to sanitize the username so that when the Plex Media Serve...

4.3 CVSS, 0.1 AI score, 0.00234 EPSS
Exploits 2

0day.today
added 2019/02/17 12:0 a.m., 79 views

Jinja2 2.10 - (from_string) Server Side Template Injection Exploit

Exploit for python platform in category web applications ''' Exploit Title: Jinja2 Command injection from_string function Date: date Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: http://jinja.pocoo.org Software Link: https://pypi.org/project/Jinja2/files Version: 2.10 Tested on:...

7.5 CVSS, 0.25411 EPSS
Exploits 5

Hacker One
added 2019/02/16 7:34 a.m., 32 views

GitLab: Persistent XSS via e-mail when creating merge requests

Summary: The vulnerability consists in the ability to create branch names that contain characters such as /. This branch name is sent via e-mail which is rendered as HTML. Description: One way to exploit this is by forking a repository. Then an attacker would create a branch called alert1 and mak...

3.5 CVSS, 5.3 AI score, 0.00069 EPSS
Exploits 1

exploitpack
added 2019/01/21 12:0 a.m., 42 views

GattLib 0.2 - Stack Buffer Overflow

GattLib 0.2 - Stack Buffer Overflow Exploit Title: stack-based overflow Date: 2019-11-21 Exploit Author: Dhiraj Mishra Vendor Homepage: http://labapart.com/ Software Link: https://github.com/labapart/gattlib/issues/81 Version: 0.2 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-6498 References:...

5.8 CVSS, 0.3 AI score, 0.05961 EPSS
Exploits 5

UbuntuCve
added 2019/01/13 3:29 p.m., 29 views

CVE-2019-6250

A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leverag...

9 CVSS, 7.3 AI score, 0.15595 EPSS
Exploits 2, References 3

0day.today
added 2019/01/02 12:0 a.m., 19 views

WordPress Adicon Server 1.2 Plugin - selectedPlace SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection Software Link: https://wordpress.org/plugins/adicons/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.2 Category: webapps SQL Injection File:...

0.3 AI score
Exploits 0

Exploit DB
added 2018/12/27 12:0 a.m., 86 views

WordPress Plugin Audio Record 1.0 - Arbitrary File Upload

Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricted file upload in record upload process allowing arbitrary...

7.4 AI score
Exploits 0

Packet Storm
added 2018/12/25 12:0 a.m., 24 views

WordPress Audio Record 1.0 Shell Upload

Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricted file upload in record upload process allowing arbitrary...

0.3 AI score
Exploits 0