Lucene search
K

109 matches found

exploitpack
exploitpack
added 2019/10/04 12:0 a.m.215 views

Android - Binder Driver Use-After-Free

Android - Binder Driver Use-After-Free The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: There is a use-after-free of the wait member in the binderthread struct in the binder driver at /drivers/android/binder.c. ...

4.6CVSS0.3AI score0.72105EPSS
Exploits28
Prion
Prion
added 2019/09/27 4:15 p.m.32 views

Command injection

ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user...

10CVSS9.6AI score0.08252EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2019/05/10 12:0 a.m.116 views

CyberArk Enterprise Password Vault 10.7 XML External Entity Injection

Exploit Title: CyberArk XML External Entity XXE Injection in SAML authentication Date: 10/05/2019 Exploit Author: Marcelo Toran @spamv Vendor Homepage: https://www.cyberark.com Version: =10.7 CVE : CVE-2019-7442 -----------Product description The CyberArk Enterprise Password Vault is a privileged...

7.5CVSS0.2AI score0.40008EPSS
Exploits5
Veracode
Veracode
added 2019/05/02 6:43 a.m.24 views

Information Disclosure

Firefox, Firefox ESR and Thunderbird are vulnerable to information disclosure. Remote attackers could exploit the vulnerable Video Caption Handler component by load video captions from other domains to cause potential information disclosure for video captions...

5.3CVSS6.8AI score0.02631EPSS
Exploits1References17Affected Software2
Prion
Prion
added 2018/12/28 9:29 p.m.14 views

Command injection

The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201N/m201N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android versionCode=19, versionName=4.4.2-20170213 that contains an exported broadcast receiver application component that, wh...

7.8CVSS7.5AI score0.01247EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/12/28 9:29 p.m.16 views

Code injection

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm versionCode=1510500200, versionName=1.5.0.40171122 has an exposed interface...

2.1CVSS5.4AI score0.00365EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/09/25 1:29 p.m.2 views

CVE-2018-15964

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure...

7.5CVSS5.8AI score0.07879EPSS
Exploits0References3
OSV
OSV
added 2018/08/29 1:29 p.m.2 views

CVE-2018-12828

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation...

9.8CVSS5.8AI score0.07136EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/08/15 8:28 p.m.3 views

flash-plugin: Privilege Escalation vulnerability (APSB18-25)

Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation...

9.8CVSS5.8AI score0.07136EPSS
Exploits0References5
Talos
Talos
added 2018/07/11 12:0 a.m.40 views

Computerinsel Photoline PCX Run Length Encoding Code Execution Vulnerability

Summary A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

8.8CVSS8AI score0.01484EPSS
Exploits1
Exploit DB
Exploit DB
added 2017/06/02 12:0 a.m.45 views

Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection

Software: Sungard eTRAKiT3 Version: 3.2.1.17 and possibly lower CVE: CVE-2016-6566 https://www.kb.cert.org/vuls/id/846103 Vulnerable Component: Login page Description ================ The login form is vulnerable to blind SQL injection by an unauthenticated user. Vulnerabilities ================...

9.8CVSS9.8AI score0.11769EPSS
Exploits2
securityvulns
securityvulns
added 2014/08/18 12:0 a.m.82 views

Outlook.com for Android fails to validate server certificates

------------------------------------------------------------------------ Outlook.com for Android fails to validate server certificates ------------------------------------------------------------------------ Yorick Koster, April 2014...

4CVSS1.3AI score0.02887EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Autonomy KeyView Lotus 1-2-3 File Multiple Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/26604/info Autonomy KeyView is prone to multiple buffer-overflow vulnerabilities. Successfully exploiting these issues could allow an attacker to execute arbitrary code in the context of the user running the application...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Joomla Component BibTeX <= 1.3 - Remote Blind SQL Injection Exploit

No description provided by source. html head titleJoomla Component BibTeX = 1.3 Remote Blind SQL Injection Vulnerability/title /head body !-- Title : Joomla Component BibTeX = 1.3 Remote Blind SQL Injection Vulnerability -- !-- Author : ajann -- !-- Contact : : -- !-- S.Page :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.270 views

Mambo com_registration_detailed <= 4.1 - Remote File Include

No description provided by source. Mambo comregistrationdetailed = 4.1 Remote File Inclusion Download Source : http://mamboxchange.com/projects/regdetailed/ Dork = allinur:comextendedregistration Found By: k1tk4t - k1tk4td0th4ck4tgmaild0tcom Location: Indonesia file ; registrationdetailed.inc.php...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2012/07/14 12:0 a.m.14 views

Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload

Joomla! Component comosproperty 2.0.2 - Unrestricted Arbitrary File Upload Exploit Title: Joomla comosproperty Unrestricted File Upload Google Dork: comosproperty Date: 13-07-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://www.insecurityperu.org/ &...

0.2AI score
Exploits0
F5 Networks
F5 Networks
added 2012/06/05 12:0 a.m.28 views

SOL13607 - Hosts may generate weak RSA keys under low entropy conditions

A recent study, linked in the Supplemental Information section, has revealed that when a system generates new RSA keys under low-entropy conditions, such as during the first system boot, the resulting keys may not be cryptographically strong. During its first boot, the BIG-IP system generates...

1.2AI score
Exploits0References7Affected Software11
Packet Storm
Packet Storm
added 2012/06/03 12:0 a.m.61 views

Log1 CMS writeInfo() PHP Code Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Log1 CMS writeInf...

7.5CVSS0.2AI score0.40905EPSS
Exploits7
Exploit DB
Exploit DB
added 2012/06/03 12:0 a.m.34 views

Log1 CMS - &#039;writeInfo()&#039; PHP Code Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Log1 CMS writeInf...

7.5CVSS7AI score0.40905EPSS
Exploits7
CVE
CVE
added 2011/10/08 10:0 a.m.36 views

CVE-2010-4918

CVE-2010-4918 affects the Joomla! extension iJoomla Magazine (com_magazine) version 3.0.1, where a PHP Remote File Inclusion (RFI) vulnerability in magazine.functions.php allows an attacker to execute arbitrary PHP code via the config parameter in a URL. The underlying issue is an unchecked confi...

7.5CVSS7.8AI score0.02401EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder