
1370 matches found

Packet Storm
added 2017/02/06 12:0 a.m. | 32 views

POSNIC 1.03 Shell Upload

0 echo "Return Code: " . $_FILES["file"]["error"] . ""; else $upload = $_FILES["file"]["name"]; $type = $_FILES["file"]["type"]; if (file_exists("upload/" . $_FILES["file"]["name"])) unlink($upload); $name = $_FILES["file"]["name"]; move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $name); //echo "Stored in: " . "upload/"...

7.4 AI score
Exploits: 0

UbuntuCve
added 2016/12/13 10:59 p.m. | 38 views

CVE-2016-2334

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image...

9.3 CVSS | 7.4 AI score | 0.16299 EPSS
Exploits: 3 | References: 3

Hacker One
added 2016/12/06 9:1 a.m. | 21 views

Internet Bug Bounty: Invalid read when wddx decodes empty boolean element

Description: I have found some vulnerable code in wddx extension. The trouble happens when trying to process 'boolean' tag. If I open tag without data, new st_entry item WILL NOT be pushed into stack. When tag is closed and stack-top is greater than 1, st_entry item at top of stack WILL ...

6.9 AI score
Exploits: 0

0day.today
added 2016/12/05 12:0 a.m. | 33 views

NetCat 0.7.1 - Denial of Service Exploit

Exploit for linux platform in category dos / poc /usr/bin/python -- Coding: utf-8 -- GNU Netcat 0.7.1 - Out of bounds array write Access Violation by n30m1nd Date: 2016-11-19 Exploit Author: n30m1nd Vendor Homepage: http://netcat.sourceforge.net/ Software Link:...

7.4 AI score
Exploits: 0

exploitpack
added 2016/12/05 12:0 a.m. | 24 views

NetCat 0.7.1 - Denial of Service

NetCat 0.7.1 - Denial of Service /usr/bin/python -- Coding: utf-8 -- GNU Netcat 0.7.1 - Out of bounds array write Access Violation by n30m1nd Date: 2016-11-19 Exploit Author: n30m1nd Vendor Homepage: http://netcat.sourceforge.net/ Software Link:...

7.3 AI score
Exploits: 0

Hacker One
added 2016/11/07 4:7 a.m. | 31 views

Internet Bug Bounty: Memory corruption due to missing check size in _php_math_number_format_ex()

The fix for this bug has been committed: https://bugs.php.net/bug.php?id=73424 Description: I have found some vulnerable code at _php_math_number_format_ex function. _php_math_number_format_ex function is an internal function which is called from number_format function. number_format function...

7.1 AI score
Exploits: 0

0day.today
added 2016/10/20 12:0 a.m. | 30 views

SPIP 3.1.2 File Enumeration / Path Traversal Vulnerabilities

Exploit for php platform in category web applications SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal CVE-2016-7982 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software,...

5 CVSS | 0.32657 EPSS
Exploits: 4

Packet Storm
added 2016/10/20 12:0 a.m. | 40 views

SPIP 3.1.2 Server Side Request Forgery

SPIP 3.1.2 Server Side Request Forgery CVE-2016-7999 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence. Vulnerability Description It...

0.00748 EPSS
Exploits: 2

0day.today
added 2016/10/20 12:0 a.m. | 27 views

SPIP 3.1.2 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications SPIP 3.1.2 Reflected Cross-Site Scripting CVE-2016-7981 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distribute...

4.3 CVSS | 7.1 AI score | 0.43499 EPSS
Exploits: 2

exploitpack
added 2016/10/20 12:0 a.m. | 26 views

SPIP 3.1.1/3.1.2 - File Enumeration Path Traversal

SPIP 3.1.1/3.1.2 - File Enumeration Path Traversal SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal CVE-2016-7982 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software,...

5 CVSS | 7.7 AI score | 0.32657 EPSS
Exploits: 4

Exploit DB
added 2016/10/20 12:0 a.m. | 55 views

SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution

SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence...

8.8 CVSS | 8.7 AI score | 0.23155 EPSS
Exploits: 7

Hacker One
added 2016/10/16 12:14 a.m. | 32 views

Brave Software: [Android] HTML Injection in BatterySaveArticleRenderer WebView

Summary: HTML Injection in BatterySaveArticleRenderer WebView. Products affected: Android Brave Browser 1.9.56 Steps To Reproduce: Open https://blackfan.ru/brave or html html location="https://www.google.com/search?q=Injection Wait for a full load Click on ArticleModeButton Supporting...

1.5 AI score
Exploits: 0

Hacker One
added 2016/09/28 11:6 a.m. | 15 views

Ian Dunn: Google Authenticator 0.6 - PHP Version Disclosure

Hello Vulnerable File and Link : http://localhost/wordpress/wp-content/plugins/google-authenticator-per-user-prompt/views/requirements-error.php Vulnerable Link : 8 You're running version Vulnerable Code: Good Luck/...

0.8 AI score
Exploits: 0

0day.today
added 2016/09/28 12:0 a.m. | 30 views

Symantec Messaging Gateway 10.6.1 - Directory Traversal

Exploit for java platform in category web applications Title : Symantec Messaging Gateway = 10.6.1 Directory Traversal Date : 28/09/2016 Author : R-73eN Tested on : Symantec Messaging Gateway 10.6.1 Latest Software : https://www.symantec.com/products/threat-protection/messaging-gateway Vendor :...

4 CVSS | 6 AI score | 0.40029 EPSS
Exploits: 6

Exploit DB
added 2016/09/28 12:0 a.m. | 39 views

Symantec Messaging Gateway 10.6.1 - Directory Traversal

Title : Symantec Messaging Gateway = 10.6.1 Directory Traversal Date : 28/09/2016 Author : R-73eN Tested on : Symantec Messaging Gateway 10.6.1 Latest Software : https://www.symantec.com/products/threat-protection/messaging-gateway Vendor : Symantec CVE : CVE-2016-5312 Vendor Advisory and Fix:...

6.5 CVSS | 6 AI score | 0.40029 EPSS
Exploits: 6

Exploit DB
added 2016/09/16 12:0 a.m. | 44 views

Joomla! Component Catalog 1.0.7 - SQL Injection

Title: Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Author: Larry W. Cashdollar, @larry0 Date: 2016-09-16 Download Site: http://huge-it.com/joomla-catalog/ Vendor: huge-it.com Vendor Notified: 2016-09-17 Vendor Contact: [email protected] Description: Huge-IT Product Catalog i...

9.8 CVSS | 9.7 AI score | 0.02249 EPSS
Exploits: 8

GoogleProjectZero
added 2016/09/07 12:0 a.m. | 14 views

Return to libstagefright: exploiting libutils on Android

Posted by Mark Brand, Invalidator of Unic�o�d�e I’ve been investigating different fuzzing approaches on some Android devices recently, and this turned up the following rather interesting bug CVE 2016-3861 fixed in the most recent Android Security Bulletin, deep in the bowels of the usermode Andro...

8.2 AI score
Exploits: 0

0day.today
added 2016/07/25 12:0 a.m. | 31 views

GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload

Exploit for php platform in category web applications Exploit Title: GRR = 3.0.0-RC1 all versions RCE with privilege escalation through file upload filter bypass authenticated Date: January 7th, 2016 Exploit Author: kmkz Bourbon Jean-marie | @kmkzsecurity Vendor Homepage: http://grr.devome.com/fr...

7.1 AI score
Exploits: 0

Packet Storm
added 2016/07/08 12:0 a.m. | 22 views

Streamo Online Radio / TV Streaming CMS SQL Injection

Application Name : Streamo - Online Radio And Tv Streaming CMS Google Dork : inurl:rjdetails.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage : http://rexbd.net/ Vulnerable Type : SQL Injection Date : 2016-07-0...

0.2 AI score
Exploits: 0

Exploit DB
added 2016/07/08 12:0 a.m. | 29 views

Streamo Online Radio And TV Streaming CMS - SQL Injection

Application Name : Streamo - Online Radio And Tv Streaming CMS Google Dork : inurl:rjdetails.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage : http://rexbd.net/ Vulnerable Type : SQL Injection Date : 2016-07-0...

7.4 AI score
Exploits: 0