Channel: Exploit Collector
Browsing all 13315 articles

SAP SAPUI5 Unspecified Cross Site Scripting Vulnerability

SAP SAPUI5 is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script...

DIR-850L - (Un)authenticated OS Command Execution (Metasploit)

EDB-ID: 43143 | Author: Metasploit | Published: 2017-11-14 | CVE: N/A | Type: Remote | Platform: Linux_MIPS | Aliases: N/A | Advisory/Source: Link | Tags: Metasploit Framework (MSF) | Vulnerable App: N/A | # This module requires...

PHP 7.1.8 - Heap-Based Buffer Overflow

EDB-ID: 43133 | Author: Wei Lei and Liu Yang | Published: 2017-11-09 | CVE: CVE-2017-16642 | Type: Dos | Platform: Multiple | Aliases: N/A | Advisory/Source: Link | Tags: N/A | Vulnerable App: N/A | ------------ A heap...

Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)

EDB-ID: 43132 | Author: Metasploit | Published: 2017-11-09 | CVE: N/A | Type: Remote | Platform: Windows | Aliases: N/A | Advisory/Source: Link | Tags: Metasploit Framework (MSF) | Vulnerable App: N/A | # This module requires...

PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free

EDB-ID: 43144 | Author: X41 D-Sec GmbH | Published: 2017-11-14 | CVE: CVE-2017-15270... | Type: Dos | Platform: Windows | Vulnerable App: N/A | Multiple Vulnerabilities in PSFTPd Windows FTP Server...

Dup Scout Enterprise 10.0.18 - 'Login' Buffer Overflow

EDB-ID: 43145 | Author: sickness | Published: 2017-11-14 | CVE: N/A | Type: Remote | Platform: Windows | Vulnerable App: | # The application requires to have the web server enabled. # Exploit for older version:...

Adobe Experience Manager CVE-2017-3109 Cross Site Scripting Vulnerability

Adobe Experience Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...

Dup Scout Enterprise 10.0.18 Buffer Overflow

Dup Scout Enterprise version 10.0.18 'Login' buffer overflow exploit. MD5 | 790e2c3309e345ffb151e91188c0384a # Tested on Windows 10 (x86) # The application requires to have the web server enabled....

Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting

Allworx Server Manager versions 6x, 6x12, and 48x suffer from multiple cross site scripting vulnerabilities. MD5 | 03843045c240dd5452b85689aaa3d6b7 <!DOCTYPE html><!--Allworx Server...

Ulterius Server Directory Traversal

Ulterius Server versions prior to 1.9.5.0 suffer from a directory traversal vulnerability. MD5 | d120292bfc40e946f75650acf7e268cb # Exploit Title: Ulterius Server < 1.9.5.0 Directory Traversal...

SAP BusinessObjects Analysis for OLAP Unspecified Cross Site Scripting...

SAP BusinessObjects Analysis for OLAP is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue...

SAP Customer Relationship Management Mail Form Editor Unspecified Cross Site...

SAP Customer Relationship Management Mail Form Editor is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can...

SAP GUI for HTML Cross Site Scripting Vulnerability

SAP GUI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the...

Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability

Apache Sling Servlets Post is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...

Debian Postgresql-common CVE-2017-8806 Multiple Insecure Temporary File...

Debian PostgreSQL-common is prone to multiple insecure-temporary-file handling vulnerabilities. An attacker with local access could potentially exploit these issues to perform symbolic-link attacks,...

CA Identity Governance CVE-2017-9394 HTML Injection Vulnerability

CA Identity Governance is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Anti-Virus Privileged File Write

Anti-Virus solutions are split into several different components (an unprivileged user mode part, a privileged user mode part and a kernel component). Logically the different systems talk to each...

Vivotek IP Cameras Remote Stack Overflow

Many Vivotek IP cameras suffer from a remote stack overflow vulnerability. Device models include CC8160, CC8370, CC8371, CD8371, FD8166A, FD8166A, FD8166A-N, FD8167A, FD8167A, FD8167AS, FD8167AS,...

CA Identity Governance 12.6 Cross Site Scripting

CA Identity Governance version 12.6 suffers from a cross site scripting vulnerability. MD5 | 7c4935db1c428ebb3f1a77dfde5c5a8b -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CA20171114-01: Security...

Microsoft Windows WLDP/Scriptlet CLSID UMCI Bypass

The enlightened lockdown policy check for COM Class instantiation can be bypassed in Scriptlet hosts leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard). MD5 |...
