Channel: Exploit Collector
Browsing all 13315 articles

Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox...

EDB-ID: 43127 | Author: Chris Salls | Published: 2017-11-06 | CVE: CVE-2017-5123 | Type: Local | Platform: Linux | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A // By Chris Salls...

pfSense 2.3.1_1 - Command Execution

EDB-ID: 43128 | Author: s4squatch | Published: 2017-11-07 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A # Date: 11-06-2017 # Exploit Author: s4squatch (Scott White - www.trustedsec.com) # Vendor...

ManageEngine Applications Manager 13 - SQL Injection

EDB-ID: 43129 | Author: Cody Sixteen | Published: 2017-11-07 | CVE: CVE-2017-16542... | Type: Webapps | Platform: Windows | Aliases: N/A | Advisory/Source: N/A | Tags: SQL Injection (SQLi) | Vulnerable App: N/A Proof of Concept...

Jenkins Multiple Security Vulnerabilities

Jenkins is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

Bolt CVE-2017-16754 Multiple Access Bypass Vulnerabilities

Bolt is prone to multiple access-bypass vulnerabilities because of improper access validation. An attacker can exploit these issues to bypass certain security restrictions and gain access to sensitive...

NetApp OnCommand Unified Manager Core Package CVE-2017-11461 Clickjacking...

NetApp OnCommand Unified Manager Core Package is prone to a click-jacking vulnerability. Successful exploits will allow an attacker to compromise the affected application or obtain sensitive...

PTP-RAT Screen Share Proof Of Concept

PTP-RAT is a proof of concept that allows data theft via screen-share protocols. Each screen flash starts with a header. This contains a magic string, "PTP-RAT-CHUNK" followed by a sequence number....

Datto Windows Agent Remote Code Execution

Datto Windows Agent suffers from multiple remote code execution vulnerabilities. MD5: 676d485c422ed3c22a813b3845e1997a. Credits: Brian Vincent, Michael Brumlow. Software: Datto Windows...

WordPress Secure HTML5 Video Player 3.14 Cross Site Scripting

WordPress Secure HTML5 Video Player plugin version 3.14 suffers from a cross site scripting vulnerability. MD5: 7c6782d0b1fcc514f0b6c8ff87366d9f. Class: Input Validation Error. Remote: Yes. Credit...

VMware vCenter Server CVE-2017-4927 Denial of Service Vulnerability

VMware vCenter Server is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition. Information: Bugtraq ID: 101786, Class: Failure to Handle...

ManageEngine ServiceDesk CVE-2017-11511 Arbitrary File Download Vulnerability

ManageEngine ServiceDesk is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit...

Hola VPN CVE-2017-16757 Local Privilege Escalation Vulnerability

Hola VPN is prone to a local privilege escalation vulnerability. A local attacker can leverage this issue to gain elevated privileges. Hola VPN version 1.34 is affected. Information: Bugtraq ID: 101787...

Roundcube Webmail CVE-2017-16651 Information Disclosure Vulnerability

Roundcube Webmail is prone to an information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information. Information obtained may lead to further...

Joomla! Kunena Extension CVE-2017-5673 Multiple Cross Site Scripting...

The Kunena Extension for Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

SWFTools 'swfbits.c' Remote Denial of Service Vulnerability

SWFTools is prone to a remote denial-of-service vulnerability. Successful exploits may allow the attacker to cause the application to crash, resulting in denial-of-service conditions. SWFTools 0.9.2 is...

TYPO3 CAB FAL Search Extension Cross Site Scripting Vulnerability

The CAB FAL search extension for TYPO3 is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...

PHPUnit CVE-2017-9841 Arbitrary Code Execution Vulnerability

PHPUnit is prone to an arbitrary code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit...

ManageEngine ServiceDesk CVE-2017-11512 Arbitrary File Download Vulnerability

ManageEngine ServiceDesk is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit...

Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)

EDB-ID: 43135 | Author: bzyo | Published: 2017-11-07 | CVE: N/A | Type: Dos | Platform: Windows | Vulnerable App: # # Exploit Author: bzyo # Twitter: @bzyo_ # Exploit Title: Xlight FTP Server (x86/x64) - Buffer...

Symantec Endpoint Protection 12.1 - Tamper-Protection Bypass

EDB-ID: 43134 | Author: hyp3rlinx | Published: 2017-11-10 | CVE: CVE-2017-6331 | Type: Local | Platform: Windows | Vulnerable App: N/A [+] Website: hyp3rlinx.altervista.org [+] Source:...
