14 matches found
Drupal CVE-2019-6340 Remote Code Execution EXP
Description This Metasploit module exploits a PHP unserialize vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also...
Cisco Routers CVE-2019-1663 Remote Command Execution
Description A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device...
WordPress Blog2Social plugin CVE-2019-9576 XSS
Description The Blog2Social WordPress plugin is vulnerable to reflected XSS as it echoes the b2supdatepublishdate parameter without proper encoding. Successful exploitation allows an attacker to execute JavaScript in the context of the application in the name of an attacked user. This in turn...
WordPress Quiz And Survey Master plugin CVE-2019-9575
Description The Quiz And Survey Master WordPress plugin is vulnerable to reflected XSS as it echoes the quizid parameter without proper encoding. Successful exploitation allows an attacker to execute JavaScript in the context of the application in the name of an attacked user. This in turn enable...
Windows SMB Server CVE-2019-0630 RCE
Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Mitigations Microsoft has not identified any mitigating factors for...
Xpdf CVE-2019-9589 NULL Pointer Dereference
Product Details Xpdf is a free PDF viewer and toolkit, including a text extractor, image converter, HTML converter, and more. Most of the tools are available as open source. URL: Vulnerable Versions 4.01 Description There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources...
Visual Studio CVE-2019-0728 Remote Code Execution
Description Microsoft Visual Studio is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the current-user. Failed exploit attempts will likely result in denial of service conditions. Mitigations Microsoft has not...
Linux Kernel CVE-2019-9213 NULL Dereferences
By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...
Apple CVE-2019-6235 Memory Corruption
Description Apple iTunes/macOS/tvOS/watchOS/iOS are prone to a memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. Apple CVE-2019-6235 Memory...
WordPress Forminator Plugin CVE-2019-9567
Description Custom fields of a poll are not properly encoded when showing results of a poll, leading to persistent XSS. Successful exploitation allows an unauthenticated attacker to execute JavaScript in the context of the application in the name of an attacked user. This in turn enables an...
WordPress Forminator Plugin CVE-2019-9568
Description The action of deleting submissions is vulnerable to blind SQL injection. An attacker can exploit this to extract data from the database. An account with the permission to delete submissions is required. Proof of Concept View submissions, eg at...
Mozilla Firefox CVE-2018-18511 Information Disclosure
Description Mozilla Firefox is prone to an information-disclosure vulnerability. Attackers can exploit this issue to disclose sensitive information that may aid in further attacks. This issue has been fixed in: Firefox 65.0.1 Mozilla Firefox CVE-2018-18511 Information Disclosure最先出现在CVE 0day。...
Google Chrome CVE-2019-5786 Arbitrary Code Execution
Description Google Chrome is prone to an arbitrary code execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the browser, Failed attempts will likely cause a denial-of-service condition. Google Chrome versions prior to 72.0.3626.121 are vulnerable...
Adobe ColdFusion CVE-2019-7816 Arbitrary File Upload
Description Adobe ColdFusion is prone to an arbitrary file-upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. The following versions are affecte...