Clik here to view.
iStar Ultra / IP-ACM Boards Fixed AES Key
Vulnerabilities were identified in the iStar Ultra and IP-ACM boards offered by Software House. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each...
View ArticleClik here to view.
EMC Data Domain DD OS Memory Overflow
EMC Data Domain DD OS includes a memory overflow vulnerability in the SMB1 handler. Many versions are affected.MD5 | fcef159f41d70b0dcfa3e3ef090164b6Download-----BEGIN PGP SIGNED MESSAGE-----Hash:...
View ArticleClik here to view.
WordPress Top-10 2.4.2 SQL Injection
WordPress Top-10 plugin versions 2.4.2 and below suffer from a remote SQL injection vulnerability.MD5 | ee588dbd58069595df55af0f7982b6d0DownloadDefenseCode ThunderScan SAST Advisory: WordPress Top-10...
View ArticleClik here to view.
WordPress Clean Up Optimizer 4.0.0 SQL Injection
WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability.MD5 | 89af3a8114d77b162a390a6d6b1874e9DownloadDefenseCode ThunderScan SAST Advisory:...
View ArticleClik here to view.
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities.MD5 | fd4e207ff9fc3d6be29efbcdeb30fa9eDownloadDefenseCode...
View ArticleClik here to view.
TP-Link TL-SG108E XSS / Weak Access Control
TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities.MD5 |...
View ArticleClik here to view.
WordPress Concours 1.1 Cross Site Scripting
WordPress Concours plugin version 1.1 suffers from a cross site scripting vulnerability.MD5 | 16e05e232ca72ab8df9a0ad81d45019bDownloadProduct: WordPress Concours Plugin -...
View ArticleClik here to view.
WordPress Custom Map 1.1 Cross Site Scripting
WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability.MD5 | cc4062b6e2d3a8c56dbd9b296155e778DownloadProduct: Custom Map WordPress Plugin -...
View ArticleClik here to view.
WordPress CSV Import-Export 1.1 Cross Site Scripting
WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability.MD5 | fcacd36ccd2169cdd24b01624f8d2e8aDownloadProduct: CSV Import-Export Wordpress Plugin -...
View ArticleClik here to view.
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory...
EDB-ID: 43366Author: gellinPublished: 2017-12-04CVE: N/A Type: LocalPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A ---...
View ArticleClik here to view.
Intel Content Protection HECI Service - Type Confusion Privilege Escalation
EDB-ID: 43373Author: Google Security ResearchPublished: 2017-12-19CVE: CVE-2017-5717 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: Type ConfusionVulnerable App: N/A Intel Content...
View ArticleClik here to view.
Microsoft Windows - 'jscript!RegExpFncObj::LastParen' Out-of-Bounds Read
EDB-ID: 43372Author: Google Security ResearchPublished: 2017-12-19CVE: CVE-2017-11906 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: Out Of BoundsVulnerable App: N/A Source:...
View ArticleClik here to view.
Microsoft Windows - 'jscript!NameTbl::GetValDef' Use-After-Free
EDB-ID: 43367Author: Google Security ResearchPublished: 2017-12-19CVE: CVE-2017-11903 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: Use After Free (UAF)Vulnerable App: N/A Source:...
View ArticleClik here to view.
Jenkins - XStream Groovy classpath Deserialization (Metasploit)
EDB-ID: 43375Author: MetasploitPublished: 2017-12-19CVE: CVE-2016-0792 Type: RemotePlatform: MultipleAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF)Vulnerable App: N/A # This module...
View ArticleClik here to view.
Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable
EDB-ID: 43371Author: Google Security ResearchPublished: 2017-12-19CVE: CVE-2017-11855 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Source:...
View ArticleClik here to view.
Microsoft Internet Explorer 11 - 'jscript!JSONStringifyObject' Use-After-Free
EDB-ID: 43368Author: Google Security ResearchPublished: 2017-12-19CVE: CVE-2017-11793 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: Use After Free (UAF)Vulnerable App: N/A Source:...
View ArticleClik here to view.
Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE...
EDB-ID: 43369Author: Google Security ResearchPublished: 2017-12-19CVE: CVE-2017-11890 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: Heap OverflowVulnerable App: N/A Source:...
View ArticleClik here to view.
Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)
EDB-ID: 43374Author: MetasploitPublished: 2017-12-19CVE: CVE-2017-7411 Type: RemotePlatform: PHPAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF), Object InjectionVulnerable App: N/A #...
View ArticleClik here to view.
Samsung Internet Browser - SOP Bypass (Metasploit)
EDB-ID: 43376Author: Dhiraj MishraPublished: 2017-12-20CVE: CVE-2017-17692 Type: RemotePlatform: AndroidVulnerable App: N/A # This module requires Metasploit: https://metasploit.com/download # Current...
View ArticleClik here to view.
Ability Mail Server 3.3.2 Cross Site Scripting
Ability Mail Server version 3.3.2 suffers from a cross site scripting vulnerability.MD5 | 6505228afd8dcf507aad671e596fab06Download# Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site...
View Article