Clik here to view.
EMC Isilon OneFS Cross Site Scripting
EMC Isilon OneFS suffers from a reflected cross site scripting vulnerability. Versions prior to 8.1.0.1, prior to 8.0.1.2, prior to 8.0.0.6, and 7.2.1.x are affected.MD5 |...
View ArticleClik here to view.
Webtrekk Pixel Tracking Cross Site Scripting
Webtrekk Pixel Track versions 3.24 to 3.40, 4.00 to 4.40, and 5.00 to 5.04 suffer from a cross site scripting vulnerability.MD5 | b3b27563cb47af66f17f10561156ccccDownloadSEC Consult Vulnerability Lab...
View ArticleClik here to view.
Windows x64 API Hooking Shellcode
117 bytes small Windows x64 API hooking shellcode.MD5 | 0e1f30f71a25c4a08e91b66ad4ca90deDownload/* # Title : Windows x64 API Hooking Shellcode # Author : Roziul Hasan Khan Shifat # Size : 117 bytes #...
View ArticleClik here to view.
Windows Kernel Pool nt!NtQueryObject Memory Disclosure
It was discovered that the nt!NtQueryObject syscall handler discloses portions of uninitialized pool memory to user-mode clients when certain conditions are met.MD5 |...
View ArticleClik here to view.
Windows Kernel Pool nt!RtlpCopyLegacyContextX86 Memory Disclosure
The Microsoft Windows kernel pool suffers from a nt!RtlpCopyLegacyContextX86 related memory disclosure vulnerability.MD5 | e7fc69388cdf09d854702265504b52ebDownloadWindows Kernel pool memory disclosure...
View ArticleClik here to view.
Windows Kernel Pool Ntfs!LfsRestartLogFile Memory Disclosure
This advisory discusses a Microsoft Windows kernel pool memory disclosure into NTFS metadata ($LogFile) in Ntfs!LfsRestartLogFile.MD5 | f4472007f780b633aa086c20fa3c9ee8DownloadWindows Kernel pool...
View ArticleClik here to view.
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
EDB-ID: 42994Author: Eduardo Braun PradoPublished: 2017-09-28CVE: N/A Type: DosPlatform: WindowsVulnerable App: N/A Date: September 28th, 2017. Author: Eduardo Braun Prado Vendor Homepage:...
View ArticleClik here to view.
Microsoft Excel - OLE Arbitrary Code Execution
EDB-ID: 42995Author: Eduardo Braun PradoPublished: 2017-09-30CVE: CVE-2017-0199 Type: DosPlatform: WindowsVulnerable App: N/A Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage:...
View ArticleClik here to view.
Apple iOS 10.2 (14C92) - Remote Code Execution
EDB-ID: 42996Author: Google Security ResearchPublished: 2017-10-17CVE: CVE-2017-7115 Type: RemotePlatform: iOSAliases: OneRingAdvisory/Source: LinkTags: N/AVulnerable App: N/A The exploit achieves R/W...
View ArticleClik here to view.
Microsoft Edge Chakra - Accesses to Uninitialized Pointers in...
EDB-ID: 42999Author: Google Security ResearchPublished: 2017-10-17CVE: CVE-2017-11809 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Source:...
View ArticleClik here to view.
Microsoft Edge Chakra JIT - Incorrect GenerateBailOut Calling Patterns
EDB-ID: 42998Author: Google Security ResearchPublished: 2017-10-17CVE: CVE-2017-11799 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Source:...
View ArticleClik here to view.
Microsoft Windows 10 - WLDP/MSHTML CLSID UMCI Bypass
EDB-ID: 42997Author: Google Security ResearchPublished: 2017-10-17CVE: CVE-2017-11823 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Windows: WLDP/MSHTML CLSID...
View ArticleClik here to view.
Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the...
EDB-ID: 43000Author: Google Security ResearchPublished: 2017-10-17CVE: CVE-2017-11802 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Source:...
View ArticleClik here to view.
Microsoft Windows - 'nt!NtQueryObject (ObjectNameInformation)' Kernel Pool...
EDB-ID: 43001Author: Google Security ResearchPublished: 2017-10-17CVE: CVE-2017-11785 Type: DosPlatform: WindowsAliases: N/AAdvisory/Source: LinkTags: N/AVulnerable App: N/A Source:...
View ArticleClik here to view.
OpenText Documentum Content Server - Privilege Escalation
EDB-ID: 43002Author: Andrey B. PanfilovPublished: 2017-10-17CVE: CVE-2017-15276 Type: WebappsPlatform: MultipleVulnerable App: N/A # Opentext Documentum Content Server (formerly known as EMC Documentum...
View ArticleClik here to view.
Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution
EDB-ID: 43009Author: Michael Stepankin and Olga BarinovaPublished: 2017-10-17CVE: CVE-2017-12629 Type: WebappsPlatform: XMLVulnerable App: N/A Lucene includes a query parser that is able to create the...
View ArticleClik here to view.
shadowsocks-libev 3.1.0 - Command Execution
EDB-ID: 43006Author: X41 D-Sec GmbHPublished: 2017-10-17CVE: N/A Type: LocalPlatform: LinuxVulnerable App: Command Execution in Shadowsocks-libev ====================================== Overview...
View ArticleClik here to view.
OpenText Documentum Content Server - Arbitrary File Download
EDB-ID: 43005Author: Andrey B. PanfilovPublished: 2017-10-17CVE: CVE-2017-15014 Type: WebappsPlatform: MultipleVulnerable App: N/A # Opentext Documentum Content Server (formerly known as EMC Documentum...
View ArticleClik here to view.
Shadowsocks - Log File Command Execution
EDB-ID: 43007Author: X41 D-Sec GmbHPublished: 2017-10-17CVE: N/A Type: LocalPlatform: LinuxVulnerable App: Multiple Vulnerabilities in Shadowsocks ======================================= Overview...
View ArticleClik here to view.
Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)
EDB-ID: 43008Author: MetasploitPublished: 2017-10-17CVE: CVE-2017-12617 Type: RemotePlatform: JavaAliases: N/AAdvisory/Source: LinkTags: Metasploit FrameworkVulnerable App: N/A # This module requires...
View Article