Microsoft Windows WLDP/MSHTML CLSID UMCI Bypass
The enlightened lockdown policy check for COM Class instantiation can be bypassed in MSHTML hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard). MD5 |...
Microsoft Edge Chakra JIT Incorrect GenerateBailOut Calling Patterns
Microsoft Edge Chakra JIT compiler creates incorrect GenerateBailOut calling patterns. MD5: 11f1ed6218c70a607f5e232014a97289. Microsoft Edge: Chakra: JIT: Incorrect GenerateBailOut calling...
Microsoft Edge Chakra JIT Failed RegexHelper::StringReplace Call
The "String.prototype.replace" method can be inlined in the JIT process. So in the method, all the calls which may break the JIT assumptions must be invoked with updating "ImplicitCallFlags". But...
Microsoft Edge Chakra StackScriptFunction::BoxState::Box Uninitialized Pointers
Microsoft Edge Chakra accesses uninitialized pointers in StackScriptFunction::BoxState::Box. MD5: 18e6e8dec6b5f143ccd448fce096def8. Microsoft Edge: Chakra: Accesses to uninitialized pointers in...
AlienVault Unified Security Management (USM) 5.4.2 - Cross-Site Request Forgery
EDB-ID: 42988 | Author: Julien Ahrens | Published: 2017-10-13 | CVE: CVE-2017-14956 | Type: Webapps | Platform: PHP | Vulnerable App: N/A. Product: AlienVault USM Vendor URL:...
Webmin 1.850 - Multiple Vulnerabilities
EDB-ID: 42989 | Author: hyp3rlinx | Published: 2017-10-15 | CVE: N/A | Type: Webapps | Platform: CGI | Vulnerable App: N/A. [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source:...
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
EDB-ID: 42975 | Author: Leonardo Duarte | Published: 2017-10-11 | CVE: N/A | Type: Webapps | Platform: Linux | Vulnerable App: N/A. # Date: 10/11/2017 # Exploit Author: Leonardo Duarte # Contact:...
Key Reinstallation: Forcing Nonce Reuse In WPA2
Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented at the Computer and Communications Security (CCS) conference on November 1, 2017. This...
Webmin 1.850 SSRF / CSRF / Cross Site Scripting
Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities. MD5: e8275ecd6d49c4502a0718560697279c. [+] SSD Beyond...
Micro Focus VisiBroker C++ 8.5 SP2 Memory Corruption
Micro Focus VisiBroker C++ version 8.5 SP2 suffers from multiple memory corruption vulnerabilities. MD5: 49e5b10ae54b8581b0809387e9a79239. SEC Consult Vulnerability Lab Security Advisory <...
Fortinet FortiMail CVE-2017-7732 Cross Site Scripting Vulnerability
Fortinet FortiMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
WPA2 Key Reinstallation Multiple Security Weaknesses
WPA2 is prone to multiple security weaknesses. Exploiting these issues may allow an unauthorized user to intercept and manipulate data or disclose sensitive information. This may aid in further...
Adobe Flash Player CVE-2017-11292 Type Confusion Remote Code Execution...
Adobe Flash Player is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed...
AlienVault USM CVE-2017-14956 Cross Site Request Forgery Vulnerability
AlienVault USM is prone to an unspecified cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker...
Fortinet FortiWLC CVE-2017-7335 Multiple Cross Site Scripting Vulnerabilities
Fortinet FortiWLC is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
3CX Phone System 15.5.3554.1 - Directory Traversal
EDB-ID: 42991 | Author: Jens Regel | Published: 2017-10-16 | CVE: CVE-2017-15359 | Type: Webapps | Platform: Linux | Vulnerable App: N/A. 3CX Phone System - Authenticated Directory Traversal. Author: Jens...
Windows x64 - API Hooking Shellcode (117 bytes)
EDB-ID: 42992 | Author: Roziul Hasan Khan Shifat | Published: 2017-10-16 | CVE: N/A | Type: Shellcode | Platform: Win_x86-64 | Shellcode Size: 117 bytes. # Title : Windows x64 API Hooking...
WordPress Influencer Marketing And Press Release System 2.2 XSS
WordPress Influencer Marketing and Press Release System plugin version 2.2 suffers from a cross site scripting vulnerability. MD5: bb9fd8af678bc4aeb2ce39173e2416cb. Class Input Validation...
3CX Phone System 15.5.3554.1 Directory Traversal
3CX Phone System version 15.5.3554.1 suffers from an authenticated directory traversal vulnerability. MD5: a9779e9950c10976260d9d215e0f3f96. Title: 3CX Phone System - Authenticated...
EMC NetWorker Buffer Overflow
EMC NetWorker Server contains a buffer overflow vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 8.2.4.9, 9.0.x (all supported...