Zeta Components Mail 1.8.1 - Remote Code Execution
EDB-ID: 43155; Author: MalwareBenchmark; Published: 2017-11-16; CVE: CVE-2017-15806; Type: Webapps; Platform: PHP; Aliases: N/A; Advisory/Source: Link; Tags: N/A; Vulnerable App: N/A; module: Mail, <= 1.8.1...
RSA Authentication Manager CVE-2017-14373 Cross Site Scripting Vulnerability
RSA Authentication Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
VX Search 10.2.14 - 'Proxy' Buffer Overflow (SEH)
EDB-ID: 43156; Author: wetw0rk; Published: 2017-11-16; CVE: N/A; Type: Local; Platform: Windows; Vulnerable App: # # Exploit Title : VXSearch v10.2.14 Local SEH Overflow # Date : 11/16/2017 # Exploit Author :...
Progress Sitefinity 10.0 / 10.1 Broken Access Control / LINQ Injection
Progress Sitefinity versions 10.0 and 10.1 suffer from broken access control and LINQ injection vulnerabilities. MD5: 81f6c377a2786674652795adbfa628e3. SEC Consult Vulnerability Lab Security...
VXSearch 10.2.14 Local SEH Overflow
VXSearch version 10.2.14 local SEH buffer overflow exploit that binds a shell to port 1337. MD5: 1ab1330c76b3835a22a52f5325e58751. #!/usr/bin/env python ## Exploit Title : VXSearch v10.2.14 Local...
Google Chrome Universal Cross Site Scripting
Google Chrome versions prior to 62 universal cross site scripting proof of concept exploit. MD5: ad8127eed413a23668fc4660414117ff. Source: packetstormsecurity.com
Multiple TIBCO Products CVE-2014-2542 Multiple HTML Injection Vulnerabilities
Multiple TIBCO Products are prone to multiple HTML-injection vulnerabilities because they fail to properly sanitize user-supplied input. Successful exploits will result in the execution of arbitrary...
D-Link DCS-936L Cross Site Request Forgery
D-Link DCS-936L suffers from a cross site request forgery vulnerability. MD5: 16ebb26ff2ecf0815f3032dd2a3b7e7c. # Exploit Title: [D-Link DCS-936L network camera incomplete/weak CSRF protection...
phpMyFAQ 2.9.9 Code Injection
phpMyFAQ version 2.9.9 suffers from an issue where an administrative account can execute arbitrary code on the server by modifying LANG_CONF[main.metaDescription]. MD5:...
Dell Active Roles 7.x Unquoted Service Path Privilege Escalation
Dell Active Roles versions 7.1, 7.0.4, 7.0.3, 7.0.2, and 7.0 suffer from an unquoted service path privilege escalation vulnerability. MD5: 345625e8405d3b2ffe718dce42429c46. # Exploit Title: [Dell...
MyBB 1.8.13 - Remote Code Execution
EDB-ID: 43136; Author: Pabstersac; Published: 2017-11-11; CVE: CVE-2017-16780; Type: Webapps; Platform: PHP; Vulnerable App: N/A # Date: Found on 05-29-2017 # Exploit Author: Pablo Sacristan # Vendor Homepage:...
MyBB 1.8.13 - Cross-Site Scripting
EDB-ID: 43137; Author: Pabstersac; Published: 2017-11-11; CVE: CVE-2017-16781; Type: Webapps; Platform: PHP; Vulnerable App: N/A # Date: Found on 05-29-2017 # Exploit Author: Pablo Sacristan # Vendor Homepage:...
iOS < 11.1 / tvOS < 11.1 / watchOS < 4.1 - Denial of Service
EDB-ID: 43161; Author: Russian Otter; Published: 2017-11-20; CVE: CVE-2017-13849; Type: Dos; Platform: iOS; Vulnerable App: N/A # Date: 10-31-2017 # Exploit Author: Russian Otter (Ro) # Vendor Homepage:...
Node.js ejs Package 'ejs.renderFile()' function Cross Site Scripting...
The ejs Package for Node.js is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Multiple VMware Products CVE-2017-4938 Denial of Service Vulnerability
Multiple VMware Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, resulting in a denial-of-service condition....
VMware NSX Edge CVE-2017-4929 Cross site Scripting Vulnerability
VMware NSX Edge is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in...
IBM Rational DOORS Next Generation Multiple Cross Site Scripting Vulnerabilities
IBM Rational DOORS Next Generation is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to...
Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass
EDB-ID: 43162; Author: Google Security Research; Published: 2017-11-20; CVE: CVE-2017-11830; Type: Local; Platform: Windows; Aliases: N/A; Advisory/Source: Link; Tags: N/A; Vulnerable App: N/A; Windows: CiSetFileCache...
Symantec Management Console CVE-2017-15527 Directory Traversal Vulnerability
Symantec Management Console is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers may use a specially crafted request with...
Amazon Key CVE-2017-16867 Security Weakness
Amazon Key is prone to a security weakness. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Information: Bugtraq ID:...