Clik here to view.
Jungo Windriver 12.5.1 Privilege Escalation
Jungo Windriver version 12.5.1 suffers from a privilege escalation vulnerability.MD5 | 67a0592b2d0d5d615ce9d10d56288a70Download// ConsoleApplication1.cpp : Defines the entry point for the console...
View ArticleClik here to view.
Joomla! Easydiscuss Cross Site Scripting
Joomla! Easydiscuss component versions prior to 4.0.21 suffer from a cross site scripting vulnerability.MD5 | a5ecebe3d594d56be239429ba067ef39Download# Exploit Title: Joomla Plugin Easydiscuss...
View ArticleClik here to view.
WordPress MQ ReLinks 1.8 XSS / Open Redirection
WordPress MQ ReLinks plugin version 1.8 suffers from cross site scripting and open redirection vulnerabilities.MD5 | 53ce06689dd3835a0618f5cfdf0f4cf4DownloadClass Input Validation ErrorRemote YesCredit...
View ArticleClik here to view.
WordPress Dbox 3D Slider Lite 1.2.2 SQL Injection
WordPress Dbox 3D Slide Lite plugin versions 1.2.2 and below suffer from multiple remote SQL injection vulnerabilities.MD5 | 396bea3f46a47c839564e82ee3df2688DownloadDefenseCode ThunderScan SAST...
View ArticleClik here to view.
WordPress Smooth Slider 2.8.6 SQL Injection
WordPress Smooth Slider plugin versions 2.8.6 and below suffer from a remote SQL injection vulnerability.MD5 | 3ca8963a8f503e09a95c667231a768d8DownloadDefenseCode ThunderScan SAST Advisory: WordPress...
View ArticleClik here to view.
WordPress Testimonial Slider 1.2.4 SQL Injection
WordPress Testimonial Slider plugin versions 1.2.4 and below suffer from a remote SQL injection vulnerability.MD5 | 171fbf4af364b138825c12c2a1ba6464DownloadDefenseCode ThunderScan SAST Advisory:...
View ArticleClik here to view.
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
EDB-ID: 43495Author: Vahagn VardanyanPublished: 2018-01-10CVE: CVE-2016-1910... Type: WebappsPlatform: MultipleAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A # coding=utf-8 """ Author:...
View ArticleClik here to view.
Parity Browser < 1.6.10 - Bypass Same Origin Policy
EDB-ID: 43499Author: tintinwebPublished: 2018-01-10CVE: CVE-2017-18016 Type: LocalPlatform: MultipleAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A ====== Author:...
View ArticleClik here to view.
RubyGems 'rails_admin' CVE-2017-12098 Cross Site Scripting Vulnerability
RubyGems 'rails_admin' is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...
View ArticleClik here to view.
D-Link Routers 110/412/615/815 < 1.03 - 'service.cgi' Arbitrary Code Execution
EDB-ID: 43496Author: Cr0n1cPublished: 2018-01-10CVE: N/A Type: WebappsPlatform: HardwareAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A # Exploit Title: D-Link WAP 615/645/815 < 1.03...
View ArticleClik here to view.
RubyGems 'delayed_job_web' CVE-2017-12097 Cross Site Scripting Vulnerability
RubyGems 'delayed_job_web' is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
View ArticleClik here to view.
Microsoft Windows SMB Server (v1 and v2) - Mount Point Arbitrary Device Open...
EDB-ID: 43517Author: Google Security ResearchPublished: 2018-01-11CVE: CVE-2018-0749 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Platform: Windows 10 1703...
View ArticleClik here to view.
Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (0.0.0.0:4444/TCP)...
EDB-ID: 43497Author: AzeriaPublished: 2018-01-11CVE: N/A Type: ShellcodePlatform: ARMAliases: N/AAdvisory/Source: LinkTags: N/AShellcode: Download / View Raw .global _start _start: .ARM add r3, pc, #1...
View ArticleClik here to view.
Microsoft Windows - NtImpersonateAnonymousToken AC to Non-AC Privilege...
EDB-ID: 43515Author: Google Security ResearchPublished: 2018-01-11CVE: CVE-2018-0751 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Platform: Windows 10 1703...
View ArticleClik here to view.
LabF nfsAxe 3.7 FTP Client - Stack Buffer Overflow (Metasploit)
EDB-ID: 43518Author: MetasploitPublished: 2018-01-11CVE: N/A Type: RemotePlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF)Vulnerable App: # This module requires...
View ArticleClik here to view.
Android - Hardware Service Manager Arbitrary Service Replacement due to...
EDB-ID: 43513Author: Google Security ResearchPublished: 2018-01-11CVE: CVE-2017-13209 Type: DosPlatform: AndroidAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A The hardware service...
View ArticleClik here to view.
Microsoft Windows - NtImpersonateAnonymousToken LPAC to Non-LPAC Privilege...
EDB-ID: 43516Author: Google Security ResearchPublished: 2018-01-11CVE: CVE-2018-0752 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Platform: Windows 10 1703...
View ArticleClik here to view.
phpCollab 2.5.1 - Unauthenticated File Upload (Metasploit)
EDB-ID: 43519Author: MetasploitPublished: 2018-01-11CVE: CVE-2017-6090 Type: RemotePlatform: PHPAliases: N/AAdvisory/Source: LinkTags: Metasploit Framework (MSF)Vulnerable App: # This module requires...
View ArticleClik here to view.
Microsoft Windows - NTFS Owner/Mandatory Label Privilege Bypass
EDB-ID: 43514Author: Google Security ResearchPublished: 2018-01-11CVE: CVE-2018-0748 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Windows: NTFS...
View ArticleClik here to view.
phpCollab 2.5.1 Unauthenticated File Upload
This Metasploit module exploits a file upload vulnerability in phpCollab version 2.5.1 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server...
View Article