Linux x86_64 execve("/bin/sh") Shellcode
31 bytes small Linux x86_64 execve("/bin/sh") shellcode.
View ArticleSedSystems D3 Decimator Default Credentials / File Disclosure
SedSystems D3 Decimator suffers from default credential and local file disclosure vulnerabilities.
View ArticleCoppermine Gallery 1.5.44 Directory Traversal
Coppermine Gallery versions 1.5.44 and below suffer from a directory traversal vulnerability.
View ArticleHipchat Remote Code Execution
Hipchat server versions prior to 2.2.3 suffer from a remote code execution vulnerability that can be leveraged via Administrative Imports.
View ArticleAgorum Core Pro 7.8.1.4-251 Insecure Direct Object Reference
Agorum Core Pro version 7.8.1.4-251 suffers from an insecure direct object reference vulnerability.
View ArticlePonyOS 4.0 fluttershy LD_LIBRARY_PATH Privilege Escalation
PonyOS version 4.0 fluttershy LD_LIBRARY_PATH local kernel exploit.
View ArticleAgorum Core Pro 7.8.1.4-251 Cross Site Scripting
Agorum Core Pro version 7.8.1.4-251 suffers from a persistent cross site scripting vulnerability.
View ArticleAgorum Core Pro 7.8.1.4-251 Cross Site Request Forgery
Agorum Core Pro version 7.8.1.4-251 suffers from a cross site request forgery vulnerability.
View ArticleWord Directory Script 2.1 Cross Site Scripting / SQL Injection
Word Directory Script version 2.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
View ArticleGNS3 Mac OS-X 1.5.2 ubridge Privilege Escalation
GNS3 Mac OS-X version 1.5.2 ubridge privilege escalation exploit.
View ArticleAlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution
This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication...
View ArticleAgorum Core Pro 7.8.1.4-251 Cross Site Scripting
Agorum Core Pro version 7.8.1.4-251 suffers from a reflective cross site scripting vulnerability.
View ArticleAgorum Core Pro 7.8.1.4-251 XXE Injection
Agorum Core Pro version 7.8.1.4-251 suffers from an XML external entity injection vulnerability.
View Articleconcrete5 8.1.0 Host Header Injection
concrete5 version 8.1.0 suffers from a host header injection vulnerability.
View ArticleMicrosoft Windows Kernel NtGdiGetDIBitsInternal Memory Disclosure / DoS
Multiple bugs have been discovered in the implementation of the win32k!NtGdiGetDIBitsInternal system call, which is a part of the graphic subsystem in all modern versions of Windows. The issues can...
View ArticleMicrosoft Windows Kernel win32kfull!SfnINLPUAHDRAWMENUITEM Memory Disclosure
The Microsoft Windows kernel suffers from a stack memory disclosure vulnerability in win32kfull!SfnINLPUAHDRAWMENUITEM.
View ArticleHPE Security Bulletin HPESBGN03728 1
HPE Security Bulletin HPESBGN03728 1 - Potential security vulnerabilities in OpenSSL have been addressed in HPE Operations Agent. These vulnerabilities could be remotely exploited resulting in Denial...
View ArticleSlackware Security Advisory - bind Updates
Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
View Article
