WP Statistics Authenticated XSS Vulnerability
A few days ago the awesome folks over at Sucuri found a SQL Injection vulnerability in the popular WP Statistics WordPress Plugin, currently installed on over 300,000 websites. We wanted to check that our existing toolsets would have detected the vulnerability so that we could ensure that Dewhurst...
Foscam IP Video Camera Command Injection Vulnerability(CVE-2017-2847)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...
Apache ActiveMQ Fileserver remote code execution vulnerability(CVE-2016-3088)
Author: Knownsec 404 Team 1. Background overview ActiveMQ is an open source message-oriented middleware from the Apache Software Foundation. Jetty is an open source servlet container; it is a Java-based web container that provides a runtime for JSP and servlets...
Multiple vulnerabilities in WePresent WiPG devices
Security Advisory: Multiple vulnerabilities in WePresent WiPG devices -------------------------------------------------------------------------------- 1. Summary This advisory describes multiple vulnerabilities affecting the WePresent WiPG devices. Most of the issues covered by this advisory appl...
Microsoft Windows COM Local Privilege Escalation Vulnerability(CVE-2017-0213)
Summary: When accessing an OOP COM object using IRemUnknown2 the local unmarshaled proxy can be for a different interface to that requested by QueryInterface resulting in a type confusion which can result in EoP. Description: Querying for an IID on a OOP or remote COM object calls the ORPC method...
WP Statistics SQL Injection vulnerability
Security experts at Sucuri have discovered a SQL Injection vulnerability in WP Statistics, one of the most popular WordPress plugins, that is currently installed on over 300,000 websites. The SQL Injection vulnerability in WP Statistics could be exploited by attackers, with at least a subscriber...
KindEditor cross-site scripting vulnerability
No description provided by source...
UEditor cross-site scripting vulnerability
No description provided by source...
systemd CVE-2017-9445 Out-Of-Bounds Write Remote Code Execution Vulnerability
Vulnerability description Chris Coulson, an Ubuntu developer at Canonical, found a critical vulnerability that can be used to remotely attack machines running popular operating systems. The vulnerability, CVE-2017-9445, is located in the systemd init system and service manager. A remote...
The likelihood of collaborative oa \app\team\block\control.php SQL injection
No description provided by source...
The likelihood of collaborative oa \app\proj\block\control.php SQL injection
No description provided by source...
The likelihood of collaborative oa \app\oa\block\control.php SQL injection
No description provided by source...
Windows Kernel stack memory disclosure in win32k!NtGdiMakeFontDir(CVE-2017-8477)
We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of concept code (which is specific to Windows 7 32-bit) works by first filling a large portion of the kernel stack with a controlled...
Alpine Linux: From vulnerability discovery to code execution
I’ve recently uncovered two critical vulnerabilities in Alpine Linux’s package manager, assigned CVE-2017-9669 and CVE-2017-9671. These vulnerabilities could potentially lead to an attacker executing malicious code on your machines, if you are using Alpine knowingly or implicitly. Alpine Linux is...
Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject
We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the JobObjectExtendedLimitInformation information class discloses portions of uninitialized kernel stack memory to user-mode clients, due to...
Windows Kernel stack memory disclosure in nt!NtQueryInformationProcess(CVE-2017-8476)
We have discovered that the nt!NtQueryInformationProcess system call called with the ProcessVmCounters information class discloses portions of uninitialized kernel stack memory to user-mode clients, due to output structure alignment holes. On our test Windows 10 32-bit workstation, an example...
Windows Kernel stack memory disclosure in win32k!ClientPrinterThunk(CVE-2017-8475)
We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other platforms untested) indirectly through the win32k!NtGdiOpenDCW system call. The analysis shown below was performed on Windows 7 32-bit. The full stack trace...
Windows Kernel stack memory disclosure in win32k!NtGdiGetRealizationInfo(CVE-2017-8473)
We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7-10 through the win32k!NtGdiGetRealizationInfo system call. The concrete layout of the input/output structure is unclear; symbols indicate its name is...
Windows Kernel stack memory disclosure in DeviceApi(CVE-2017-8474)
We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 10 through the PiDqIrpQueryGetResult, PiDqIrpQueryCreate, PiDqQueryCompletePendedIrp IOCTLs sent to the \Device\DeviceApi device. The analysis shown below was...
Windows Kernel stack memory disclosure in win32k!NtGdiGetTextMetricsW(CVE-2017-8472)
We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other systems untested) through the win32k!NtGdiGetTextMetricsW system call. The output structure used by the syscall, according to various sources, is TMWINTERNA...
Microsoft Windows Kernel 'Win32k.sys' Local Information Disclosure Vulnerability(CVE-2017-8471)
We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7-10 through the win32k!NtGdiGetOutlineTextMetricsInternalW system call. The system call returns an 8-byte structure back to ring-3 through the 4th parameter, as...
The likelihood of collaborative oa \app\cash\block\control.php SQL injection
No description provided by source...
Microsoft Windows Graphics Component Information Disclosure Vulnerability(CVE-2017-0287)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlSinglePosLookup::getCoverageTable function, while trying to display text using a corrupted TTF font file: --- 7f0.488: Access violation - code c0000005 first chance First chance exceptions are reported before...
The likelihood of collaborative oa \app\crm\block\control.php SQL injection
No description provided by source...
Microsoft Windows Uniscribe Information Disclosure Vulnerability(CVE-2017-0284)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!ttoGetTableData function, while trying to display text using a corrupted TTF font file: --- 210.274: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handlin...
zzcms latest version (and earlier): system reinstall can lead to getshell
No description provided by source...
Microsoft Edge: Type confusion in CssParser::RecordProperty(CVE-2017-8496)
Preliminary analysis: The crash happens inside CAttrArray::PrivateFindInl. Rcx (the this pointer) is supposed to point to a CAttrArray but it actually points to a CAttribute. CAttrArray::PrivateFindInl is only going to perform reads and its return value is going to be discarded by the calling function...
Microsoft Windows Uniscribe Remote Code Execution Vulnerability(CVE-2017-0283)
We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!MergeLigRecords, while trying to display text using a corrupted font file: --- 4e0.6dc: Access violation - code c0000005 first chance First chance exceptions are reported before any...
phpok latest version SQL injection
No description provided by source...
Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table(CVE-2017-8483)
We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see below: --- DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION (d6) N bytes of memory was allocated and more than N bytes are being referenced. This cannot be protected by try-except. When...
Microsoft Windows Graphics Component Information Disclosure Vulnerability(CVE-2017-0286)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!NextCharInLiga function, while trying to display text using a corrupted TTF font file: --- 3d4.454: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling...
Windows Kernel stack memory disclosure in nt!NtQueryInformationWorkerFactory(CVE-2017-0300)
We have discovered that the nt!NtQueryInformationWorkerFactory system call called with the WorkerFactoryBasicInformation (7) information class discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to Windows 10. The specific layout of the output structure...
Microsoft Windows Uniscribe Information Disclosure Vulnerability(CVE-2017-0282)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!CreateIndexTable function, while trying to display text using a corrupted TTF font file: --- 5cc.74: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handlin...
Microsoft Windows Uniscribe Information Disclosure Vulnerability(CVE-2017-0285)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!SubstituteNtoM function, while trying to display text using a corrupted TTF font file: --- 69c.164: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling...
Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject(CVE-2017-8479)
We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 28 information class discloses portions of uninitialized kernel stack memory to user-mode clients. The specific name of the 28 information...
Windows Kernel stack memory disclosure in nt!NtQueryInformationResourceManager(CVE-2017-8481)
We have discovered that the nt!NtQueryInformationResourceManager system call called with the 0 information class discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to Windows 10. The specific name of the 0 information class or the layout of the correspondin...
Microsoft Windows Graphics Component Information Disclosure Vulnerability(CVE-2017-0289)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlValueRecord::adjustPos function, while trying to display text using a corrupted TTF font file: --- 470.4d4: Access violation - code c0000005 first chance First chance exceptions are reported before any excepti...
Windows Kernel pool memory disclosure in nt!NtNotifyChangeDirectoryFile(CVE-2017-0299)
We have discovered that the nt!NtNotifyChangeDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients, due to output structure alignment holes. On our test Windows 10 32-bit workstation, an example layout of the output buffer is as follows: --- cut ---...
Microsoft Windows Graphics Component Information Disclosure Vulnerability(CVE-2017-0288)
We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!otlReverseChainingLookup::apply function, while trying to display text using a corrupted TTF font file: --- 678.6c8: Access violation - code c0000005 first chance First chance exceptions are reported before any...
Windows Kernel stack memory disclosure in nt!NtQueryInformationJobObject(CVE-2017-8478)
We have discovered that the nt!NtQueryInformationJobObject system call corresponding to the documented QueryInformationJobObject API function called with the 12 information class discloses portions of uninitialized kernel stack memory to user-mode clients. The specific name of the 12 information...
Windows Kernel stack memory disclosure in nt!NtQueryInformationTransaction(CVE-2017-8480)
We have discovered that the nt!NtQueryInformationTransaction system call called with the 1 information class discloses portions of uninitialized kernel stack memory to user-mode clients, on Windows 7 to Windows 10. The specific name of the 1 information class or the layout of the corresponding...
Vivotek Network Camera arbitrary file reading and command execution vulnerability
Author: Super viagra the blue cat There are some Vivotek network cameras on the internal network, used for monitoring. Accessing the web service on port 80 directly, Configure - Maintenance - Import/Export File allows exporting the configuration file, which yields a tar package containing the etc folder. From a...
WebLogic RMI Registry UnicastRef Object Deserialization of Untrusted Data RCE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain Java objects. The issue lies in the failure t...
finecms front-end SQL injection
No description provided by source...
finecms front-end arbitrary user login
No description provided by source...
finecms arbitrary file upload 2
No description provided by source...
finecms arbitrary file upload
No description provided by source...
finecms front-end arbitrary file upload vulnerability #2
No description provided by source...
finecms front-end member arbitrary file upload vulnerability #1
No description provided by source...
finecms front-end arbitrary file upload vulnerability #3
No description provided by source...