Cesanta Mongoose DNS Query Compressed Name Pointer Denial Of Service(CVE-2017-2909)
Summary An infinite loop programming error exists in the DNS server functionality of the Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability...
Circle with Disney WiFi Security Downgrade Vulnerability(CVE-2017-12096)
Summary An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to set up an Access Point reachable by the device and to send a...
Circle with Disney Firmware Update Signature Check Bypass Vulnerability(CVE-2017-2898)
Summary An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series...
Cesanta Mongoose HTTP Server CGI Remote Code Execution Vulnerability(CVE-2017-2891)
Summary An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of a previously freed pointer, potentially resulting in remote code execution. An attacker needs to send this HTTP...
Circle with Disney Apid Server Fork Denial of Service Vulnerability(CVE-2017-2889)
Summary An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker...
Circle with Disney Rclient SSH Persistent Remote Access Vulnerability(CVE-2017-12084)
Summary A backdoor vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker sends an API call to enable the SSH server. Tested...
Circle with Disney WiFi Restart SSID Parsing Command Injection Vulnerability(CVE-2017-2915)
Summary An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and set up an access point...
Circle with Disney Goclient SSL TLD MITM Vulnerability(CVE-2017-2912)
Summary An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...
Circle with Disney Rclient SSL TLD MITM Vulnerability(CVE-2017-2911)
Summary An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this...
Circle with Disney Apid Strstr Authentication Bypass Vulnerability(CVE-2017-2914)
Summary An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs...
Circle with Disney Apid Use-Between-Reallocs Information Disclosure Vulnerability(CVE-2017-12083)
Summary An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivit...
Circle with Disney Token Routing Vulnerability(CVE-2017-12085)
Summary An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...
Circle with Disney Apid Photo Upload Denial of Service Vulnerability(CVE-2017-2884)
Summary An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to...
Cesanta Mongoose MQTT Payload Length Remote Code Execution(CVE-2017-2892)
Summary An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and...
Circle with Disney Restore API Command Injection Vulnerability(CVE-2017-2890)
Summary An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Circle with Disn...
Circle with Disney Database Updater Code Execution Vulnerability(CVE-2017-2883)
Summary An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability...
Cesanta Mongoose MQTT SUBSCRIBE Command Denial Of Service(CVE-2017-2893)
Summary An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT...
Cesanta Mongoose Websocket Protocol Packet Length Code Execution Vulnerability(CVE-2017-2921)
Summary An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow leading to a heap buffer overflow, resulting in denial of service and potential remote code...
Cesanta Mongoose MQTT SUBSCRIBE Topic Length Information Leak(CVE-2017-2895)
Summary An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An...
Circle with Disney Backup API Command Injection Vulnerability(CVE-2017-2866)
Summary An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Circle with Disney Product URLs...
Circle with Disney Weak Authentication Vulnerability(CVE-2017-2864)
Summary An exploitable vulnerability exists in the authentication token generation functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker, resulting in authentication bypass. An attacker can send a series of...
Circle with Disney Startup WiFi Channel Parsing Command Injection Vulnerability(CVE-2017-12094)
Summary An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to set up an access point reachable by the device to trigger this vulnerability...
Circle with Disney check_torlist.sh Update Code Execution Vulnerability(CVE-2017-2881)
Summary An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this...
Circle with Disney check_circleservers Code Execution Vulnerability(CVE-2017-2882)
Summary An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order...
Circle with Disney Configuration Restore Photos File Overwrite Vulnerability(CVE-2017-2916)
Summary An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions Circ...
Circle with Disney libbluecoat.so SSL TLD MITM Vulnerability(CVE-2017-2913)
Summary An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...
Circle with Disney Firmware Update Command Injection Vulnerability(CVE-2017-2865)
Summary An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. Tested...
Cesanta Mongoose MQTT SUBSCRIBE Multiple Topics Remote Code Execution(CVE-2017-2894)
Summary An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT...
Cesanta Mongoose Websocket Protocol Fragmented Packet Code Execution Vulnerability(CVE-2017-2922)
Summary An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited...
semcms web_mail multiple sql injection
No description provided by source...
Node.js arbitrary file read Vulnerability(CVE-2017-14849)
Author: niubl@TSRC 1. Vulnerability description: 2017 9 November 28, the company scanner found an instance of an arbitrary file read vulnerability in one of our business systems; the team's follow-up analysis found that this was the common result of a vulnerability in Node.js combined with Express. As we prepare...
semcms the background to bypass getshell
No description provided by source...
semcms a sql injection
No description provided by source...
IBM Notes Remote Denial of Service Vulnerability(CVE-2017-1130)
No description provided by source. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IBM Notes encodeURI DOS", 'Description' = %q This module exploits a vulnerability in the native browser that...
Computerinsel Photoline PCX Parsing Code Execution Vulnerability(CVE-2017-12107)
Summary A memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause memory corruption resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability. Tested...
Apache OpenOffice DOC WW8Fonts Constructor Code Execution Vulnerability(CVE-2017-9806)
Summary An exploitable out-of-bounds write vulnerability exists in the WW8Fonts::WW8Fonts functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause an out-of-bounds write potentially resulting in arbitrary code execution. An attacker can send/provide a malicious doc file to...
Simple DirectMedia Layer Create RGB Surface Code Execution Vulnerability(CVE-2017-2888)
Summary An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provid...
Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability(CVE-2017-5133)
Summary An off-by-one read/write on the heap vulnerability exists in the TIFF image decoder functionality of Pdfium as used by Google Chrome up to and including 60.0.3112.101. A specially crafted PDF file can trigger an off-by-one read and write on the heap resulting in memory corruption and a...
Simple DirectMedia Layer SDL_image XCF Property Handling Code Execution Vulnerability(CVE-2017-2887)
Summary An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger thi...
GraphicsMagick Multiple Vulnerabilities
Vulnerabilities summary The following advisory describes two (2) vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler’s SLOCCount) of source code in the base package (or 1,225K including 3r...
Apache OpenOffice DOC ImportOldFormatStyles Code Execution Vulnerability(CVE-2017-12608)
Summary An exploitable out-of-bounds write vulnerability exists in the WW8RStyle::ImportOldFormatStyles functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause an out-of-bounds write resulting in arbitrary code execution. An attacker can send/provide a malicious doc file to...
Apache OpenOffice PPT PPTStyleSheet nLevel Code Execution Vulnerability(CVE-2017-12607)
Summary An exploitable out-of-bounds write vulnerability exists in the PPTStyleSheet::PPTStyleSheet functionality of Apache OpenOffice. A specially crafted PPT file can cause an out-of-bounds write resulting in arbitrary code execution. An attacker can send/provide a malicious PPT file to trigger...
ECMAIL Backend Arbitrary File Download
No description provided by source...
Cisco UCS Platform Emulator Remote Code Execution
Vulnerabilities Summary The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.12ePE1. Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM). The VM includes software that emulates...
Disclosure: WordPress WPDB SQL Injection - Technical
Today, a significant SQL-Injection vulnerability was fixed in WordPress 4.8.3. Before reading further, if you haven’t updated yet, stop right now and update. The foundation of this vulnerability was reported via HackerOne on September 20th, 2017. This post will detail the technical vulnerability...
骑士cms Backend Arbitrary Directory Deletion
No description provided by source...
Network Time Protocol Crypto-NAK Preemptible Association Denial of Service Vulnerability(CVE-2016-1547)
SUMMARY An off-path attacker can cause a preemptible client association to be demobilized by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. Furthermore, if the attacker keeps sending cryp...
7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability(CVE-2016-2335)
Summary An out-of-bounds read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution. Tested Versions 7-Zip 32 15.05 beta 7-Zip 64 9.20 Product URLs http://www.7-zip.org/ Details...
7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability(CVE-2016-2334)
DESCRIPTION An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution. TESTED VERSIONS 7-Zip 32 15.05 beta 7-Zip 64 9.20 PRODUCT URLS http://www.7-zip.org/ CVSSv3 SCORE 7.3 -...
Network Time Protocol Forced Interleaved Time Spoofing Vulnerability(CVE-2016-1548)
SUMMARY It is possible to change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode. An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-dst...