1370 matches found
PhpCollab 2.5.1 Shell Upload
CVE-2017-6090 PhpCollab 2.5.1 Arbitrary File Upload unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. Arbitrary File Upload The phpCollab code does not correctly filter uploaded file contents. An...
WordPress Cool Flickr Slideshow 1.0 Cross Site Scripting Vulnerability
WordPress Cool Flickr Slideshow plugin version 1.0 suffers from a cross site scripting vulnerability. | Exploit Title: Wordpress cool-flickr-slideshow Plugin Cross Site Scripting (XSS) | Exploit Author: Ashiyane Digital security Team | Vendor...
WordPress Contact Form 7 International SMS Integration 1.2 XSS Vulnerability
WordPress Contact Form 7 International SMS Integration plugin version 1.2 suffers from a cross site scripting vulnerability. | Exploit Title: Wordpress Contact Form 7 International Sms Integration Plugin Cross Site Scripting | Exploit Author: Ashiyane Digital security Team | Vendor Homepage :...
CVE-2017-12956
There is an illegal address access in Exiv2::FileIo::path[abi:cxx11] in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service...
CVE-2017-11553
There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service...
CVE-2017-11336
There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack...
CVE-2017-11338
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack...
IBM Informix Dynamic Server - Code Injection / Remote Code Execution
#!/usr/local/bin/python """ IBM Informix Dynamic Server doconfig PHP Code Injection Remote Code Execution Vulnerability 0DAY Bonus: free XXE bug included! Download: https://www-01.ibm.com/marketing/iwm/iwm/web/reg/download.do?source=swg-informixfpd&SPKG=dl&lang=enUS&cp=UTF-8&dlmethod=http Twitter:...
LG MRA58K - ASFParser::ParseHeaderExtensionObjects Missing Bounds-Checking Exploit
Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1222 There is a memcpy in ASFParser::ParseHeaderExtensionObjects which doesn't check that the size of the copy is smaller than the size of the source buffer, resulting in an...
LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1222 There is a memcpy in ASFParser::ParseHeaderExtensionObjects which doesn't check that the size of the copy is smaller than the size of the source buffer, resulting in an out-of-bounds heap read. The vulnerable code appears to b...
LightDM (Ubuntu 16.04/16.10) Privilege Escalation
Source: https://blogs.securiteam.com/index.php/archives/3134 Vulnerability Summary The following advisory describes a local privilege escalation via LightDM found in Ubuntu versions 16.10 / 16.04 LTS. Ubuntu is an open source software platform that runs everywhere from IoT devices, the smartphone...
Trend Micro Threat Discovery Appliance 2.6.1062r1 Session Generation Authentication Bypass
#!/usr/bin/python """ Trend Micro Threat Discovery Appliance = 2.6.1062r1 Session Generation Authentication Bypass Vulnerability Found by: Roberto Suggi Liverani - @malerisch - http://blog.malerisch.net/ & Steven Seeley of Source Incite File: TDAInstallationCD.2.6.1062r1.enUS.iso sha1:...
CVE-2017-7857
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c...
EyesOfNetwork (EON) 5.0 - SQL Injection
EyesOfNetwork EON 5.0 - SQL Injection CVE-2017-6088 EON 5.0 Multiple SQL Injection Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. SQL injection authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to inject arbitrary SQL...
EyesOfNetwork (EON) 5.0 - SQL Injection
CVE-2017-6088 EON 5.0 Multiple SQL Injection Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. SQL injection authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to inject arbitrary SQL requests. CVE ID: CVE-2017-6088 Access...
EON 5.0 Remote Code Execution
CVE-2017-6087 EON 5.0 Remote Code Execution Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. Remote Code Execution authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to execute arbitrary code. CVE ID: CVE-2017-6087 Access...
EON 5.0 SQL Injection
CVE-2017-6088 EON 5.0 Multiple SQL Injection Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. SQL injection authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to inject arbitrary SQL requests. CVE ID: CVE-2017-6088 Access...
wifirxpower - Local Buffer Overflow (PoC)
wifirxpower - Local Buffer Overflow PoC + Title: wifirxpower - Local Stack Based Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A Vendor: ===============...
CVE-2016-7970
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors...
shopify-scripts: Controlled address leak due to type confusion - ASLR bypass
There are several different places in which arguments are treated as fixnums without a prior check for their type. Since mrb_value is a union that holds all value types, it can cause a mixup between an object pointer and an integer value: typedef struct mrb_value { union { mrb_float f; void *p; mrbin...