Microsoft Office - OLE Remote Code Execution
EDB-ID: 43163; Author: embedi; Published: 2017-11-20; CVE: CVE-2017-11882; Type: Remote; Platform: Windows; Aliases: N/A; Advisory/Source: Link; Tags: N/A; Vulnerable App: N/A
CVE-2017-11882:...

Microsoft Windows 10 - 'nt!NtQueryDirectoryFile...
EDB-ID: 43165; Author: Google Security Research; Published: 2017-11-21; CVE: CVE-2017-11831; Type: Dos; Platform: Windows; Aliases: N/A; Advisory/Source: Link; Tags: N/A; Vulnerable App: N/A
Source:...

GNU ncurses 6.0 tic Denial Of Service
tic in the GNU ncurses library version 6.0 suffers from a buffer overflow condition that can cause a denial of service. MD5: 4c2efbea6e88dde67ea2485bc3b586d8. Source: packetstormsecurity.com

School CMS 1.0.0 File Upload
School CMS version 1.00 suffers from a remote file upload vulnerability. MD5: 374a506e3f640be7708db9087426c809. Exploit Title: school cms...

School CMS 1.0.0 Cross Site Scripting
School CMS version 1.0.0 suffers from a cross site scripting vulnerability. MD5: 69fcc7d7ea123ee3313a91e3a6654509. Exploit Title: school cms...

WordPress amtyThumb 8.1.3 Cross Site Scripting
WordPress amtyThumb plugin version 8.1.3 suffers from a cross site scripting vulnerability. MD5: 749cafe35287a46fc9858168d75df892. Class: Input Validation Error; Remote: Yes; Credit: Ricardo...

WordPress In Link 1.0 SQL Injection
WordPress In Link plugin version 1.0 suffers from a remote SQL injection vulnerability. MD5: 600b52112356168f81ddd51bfa225566. Vulnerability Type: SQL injection in POST parameter "keyword". Affected...

WordPress Advanced Post Type Ratings 1.1 Cross Site Scripting
WordPress Advanced Post Type Ratings plugin version 1.1 suffers from a cross site scripting vulnerability. MD5: f0dbb00b1b94e678b485c82e2721d274. Class: Input Validation Error; Remote: Yes; Credit: ...

WordPress Emag Marketplace Connector 1.0 Cross Site Scripting
WordPress Emag Marketplace Connector plugin version 1.0 suffers from a cross site scripting vulnerability. MD5: c8259171cfc851752080208d056d00b0. Class: Input Validation Error; Remote: Yes; Credit: ...

RSA Authentication Manager 8.2 SP1 P5 Cross Site Scripting
RSA Authentication Manager versions 8.2 SP1 P5 and below suffer from a stored cross site scripting vulnerability. MD5: 98b56083996dc724062af46fed8262b5

EMC ScaleIO 2.0.1.x DoS / Buffer Overflow / Information Disclosure
EMC ScaleIO versions 2.0.1.3, 2.0.1.2, 2.0.1.1, and 2.0.1 suffer from information disclosure, denial of service, and buffer overflow vulnerabilities. MD5: ...

Microsoft Windows NTFS File System Metadata Disclosures
The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata. MD5: 82f8fc385cb8e1d9907a4dbdb347c2e4. Windows Kernel multiple stack and pool...

Microsoft Windows CI CiSetFileCache TOCTOU Security Feature Bypass
It is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI, leading to circumvention of Device Guard policies and possibly PPL signing levels. MD5: ...

Microsoft Windows nt!NtQueryDirectoryFile (luafv!LuafvCopyDirectoryEntry)...
It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure...

Microsoft Windows win32k!xxxSendMenuSelect Memory Disclosure
There is a Microsoft Windows kernel stack memory disclosure vulnerability in win32k!xxxSendMenuSelect via fnHkINLPMSG user-mode callback. MD5: df47cad4c0563e46c4d01e39c825ee89. Windows Kernel...

Magento Multiple Security Vulnerabilities
Magento is prone to the following security vulnerabilities.
1. An HTML-injection vulnerability
2. Multiple remote-code execution vulnerabilities
3. A local file-include vulnerability
4. An...

TYPO3 T3Blog Extbase Extension Cross Site Scripting Vulnerability
The T3Blog Extbase extension for TYPO3 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

Fortinet Fortiweb CVE-2017-7736 HTML Injection Vulnerability
Fortinet Fortiweb is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the...

Oracle Outside In 8.5.3.0 Denial Of Service
Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within...

WebKit - 'WebCore::PositionIterator::decrement' Use-After-Free
EDB-ID: 43168; Author: Google Security Research; Published: 2017-11-22; CVE: CVE-2017-13797; Type: Dos; Platform: Multiple; Aliases: N/A; Advisory/Source: Link; Tags: Use After Free (UAF); Vulnerable App: N/A
Source:...