Channel: Exploit Collector
Browsing all 13315 articles

Shibboleth 2 XML Injection

RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate...

Seagate Personal Cloud - Multiple Vulnerabilities

EDB-ID: 43659 | Author: SecuriTeam | Published: 2018-01-11 | CVE: CVE-2018-5347 | Type: Remote | Platform: Hardware | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A ## Vulnerabilities summary The...

Linux/x86 - execve(/bin/sh) + Polymorphic Shellcode (26 bytes)

EDB-ID: 43694 | Author: Hashim Jawad | Published: 2018-01-14 | CVE: N/A | Type: Shellcode | Platform: Linux_x86 | Shellcode: Download / View Raw | Shellcode Size: 26 bytes ################### Description...

Master IP CAM 01 - Multiple Vulnerabilities

EDB-ID: 43693 | Author: Raffaele Sabato | Published: 2018-01-17 | CVE: CVE-2018-5723... | Type: Remote | Platform: Hardware | Vulnerable App: N/A # Date: 17-01-2018 # Remote: Yes # Exploit Authors: Daniele...

Spring Framework CVE-2016-9878 Directory Traversal Vulnerability

Spring Framework is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. A remote attacker could exploit this issue using directory-traversal...

SugarCRM 3.5.1 - Cross-Site Scripting

EDB-ID: 43683 | Author: Guilherme Assmann | Published: 2018-01-17 | CVE: CVE-2018-5715 | Type: Webapps | Platform: PHP | Vulnerable App: # Date: 16/01/2017 # Exploit Author: Guilherme Assmann # Vendor Homepage:...

D-Link DSL-2640R - Unauthenticated DNS Change

EDB-ID: 43678 | Author: Todor Donev | Published: 2018-01-17 | CVE: N/A | Type: Webapps | Platform: Hardware | Vulnerable App: N/A # # D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability # # Firmware...

Reservo Image Hosting Script 1.5 - Cross-Site Scripting

EDB-ID: 43676 | Author: Dennis Veninga | Published: 2018-01-17 | CVE: CVE-2018-5705 | Type: Webapps | Platform: PHP | Vulnerable App: N/A # Date: 15-01-2018 # Exploit Author: Dennis Veninga # Contact Author: d.veninga...

Belkin N600DB Wireless Router - Multiple Vulnerabilities

EDB-ID: 43682 | Author: Wadeek | Published: 2018-01-17 | CVE: N/A | Type: Webapps | Platform: Hardware | Vulnerable App: N/A # Date: 16/01/2018 # Exploit Author: Wadeek # Hardware Version: F9K1102as v3 # Firmware...

Microsoft Edge Chakra - 'AsmJSByteCodeGenerator::EmitCall' Out-of-Bounds Read

EDB-ID: 43720 | Author: Google Security Research | Published: 2018-01-17 | CVE: CVE-2018-0780 | Type: Dos | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: Out Of Bounds | Vulnerable App: N/A...

Microsoft Edge Chakra JIT - Incorrect Bounds Calculation

EDB-ID: 43710 | Author: Google Security Research | Published: 2018-01-17 | CVE: CVE-2018-0769 | Type: Dos | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: Out Of Bounds | Vulnerable App: N/A Let's start with...

Microsoft Edge Chakra - 'JavascriptGeneratorFunction::GetPropertyBuiltIns'...

EDB-ID: 43713 | Author: Google Security Research | Published: 2018-01-17 | CVE: CVE-2017-11914 | Type: Dos | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: Type Confusion | Vulnerable App: N/A Here's a snippet...

Microsoft Edge Chakra - Incorrect Scope Handling

EDB-ID: 43715 | Author: Google Security Research | Published: 2018-01-17 | CVE: CVE-2018-0774 | Type: Dos | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A (function func(arg =...

Microsoft Edge Chakra JIT - Out-of-Bounds Write

EDB-ID: 43718 | Author: Google Security Research | Published: 2018-01-17 | CVE: CVE-2018-0777 | Type: Dos | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: Out Of Bounds | Vulnerable App: N/A function opt(arr,...

glibc - 'getcwd()' Local Privilege Escalation

EDB-ID: 43775 | Author: halfdog | Published: 2018-01-16 | CVE: CVE-2018-1000001 | Type: Local | Platform: Linux | Aliases: RationalLove.c | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A * expressed or implied...

ASUSWRT 3.0.0.4.382.18495 Session Hijacking / Information Disclosure

ASUSWRT versions 3.0.0.4.382.18495 and below suffer from predictable session tokens, failed IP validation, plain text password storage, and information disclosure vulnerabilities. MD5 |...

Seagate Personal Cloud Command Injection

Seagate Personal Cloud suffers from multiple command injection vulnerabilities. MD5: 04f30f1082f4a8d1b8093ffe831d0de2 # SSD Advisory - Seagate Personal Cloud Multiple Vulnerabilities ##...

Synology Photo Station 6.8.2-3461 Remote Code Execution

Synology Photo Station versions 6.8.2-3461 and below suffer from a SYNOPHOTO_Flickr_MultiUpload race condition file write remote code execution vulnerability. MD5 |...

Zenario CMS 7.6 SQL Injection

Zenario CMS version 7.6 suffers from a remote SQL injection vulnerability. MD5: 456b9d23f5ca5260feeb12ed166069fb. Document Title: Zenario v7.6 CMS - SQL Injection Web...

D-Link DSL-2640R Unauthenticated Remote DNS Changer

D-Link DSL-2640R unauthenticated remote DNS changing exploit. MD5: 960281695d209020856919aa5a842336 # # # D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability # # Firmware Version:...
