Exploit File, PacketStorm Security

RSS feed: Exploit File, PacketStorm Security
Wed, 12 Dec 2018 05:19:32 GMT
Exploit Files ≈ Packet Storm
Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
Wed, 12 Dec 2018 05:12:57 GMT
WordPress Snap Creek Duplicator Code Injection
When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrites the wp-config.php file, and this function does not sanitize POST parameters before inserting them into the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible, try to restore backups of the configuration after the exploit to make the WordPress site work again.
Wed, 12 Dec 2018 05:12:12 GMT
HotelDruid 2.3 SQL Injection
HotelDruid version 2.3 suffers from a remote SQL injection vulnerability.
Wed, 12 Dec 2018 05:09:47 GMT
Apache OFBiz 16.11.05 Cross Site Scripting
Apache OFBiz version 16.11.05 suffers from a cross site scripting vulnerability.
Wed, 12 Dec 2018 05:08:42 GMT
WordPress AutoSuggest 0.24 SQL Injection
WordPress AutoSuggest plugin version 0.24 suffers from a remote SQL injection vulnerability.
Wed, 12 Dec 2018 05:07:23 GMT
ThinkPHP 5.x Remote Code Execution
ThinkPHP versions prior to 5.0.23 and prior to 5.1.31 suffer from a remote code execution vulnerability.
Wed, 12 Dec 2018 05:06:11 GMT
Huawei B315s-22 Information Disclosure
Huawei B315s-22 suffers from an information disclosure vulnerability.
Wed, 12 Dec 2018 05:04:54 GMT
Adobe ColdFusion 2018 Shell Upload
Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability.
Wed, 12 Dec 2018 04:59:22 GMT
TP-Link Archer C1200 Cross Site Scripting
TP-Link Archer C1200 suffers from a cross site scripting vulnerability.
Wed, 12 Dec 2018 04:58:38 GMT
PrestaShop 1.6.x / 1.7.x Remote Code Execution
PrestaShop versions 1.6.x and 1.7.x suffer from a remote code execution vulnerability.
Wed, 12 Dec 2018 04:57:54 GMT
Tourism Website Blog Code Execution / SQL Injection
Tourism Website version Blog suffers from code execution and remote SQL injection vulnerabilities.
Wed, 12 Dec 2018 04:53:53 GMT
Alumni Tracer SMS Notification Cross Site Request Forgery / SQL Injection
Alumni Tracer SMS version Notification suffers from cross site request forgery and remote SQL injection vulnerabilities.
Wed, 12 Dec 2018 04:52:30 GMT
SmartFTP Client 9.0.2623.0 Denial Of Service
SmartFTP Client version 9.0.2623.0 suffers from a denial of service vulnerability.
Wed, 12 Dec 2018 04:50:32 GMT
LanSpy 2.0.1.159 Buffer Overflow
LanSpy version 2.0.1.159 suffers from a local buffer overflow vulnerability.
Wed, 12 Dec 2018 04:45:05 GMT
PrinterOn Enterprise 4.1.4 Arbitrary File Deletion
PrinterOn Enterprise version 4.1.4 suffers from an arbitrary file deletion vulnerability.
Wed, 12 Dec 2018 04:42:25 GMT
Linux userfaultfd tmpfs File Permission Bypass
Linux userfaultfd bypasses tmpfs file permissions.
Wed, 12 Dec 2018 01:16:01 GMT
WebKit JIT Proxy Object Issue
WebKit JIT int32/double arrays can have proxy objects in the prototype chains.
Tue, 11 Dec 2018 19:16:24 GMT
Dynamic Loader Oriented Programming - Wiederganger Proof Of Concept
This paper and proof of concept describe the Wiederganger-Attack, a new attack vector that reliably allows escalating unbounded array access vulnerabilities occurring in specifically allocated memory regions to full code execution on programs running on i386/x86_64 Linux. Wiederganger-attacks abuse determinism in the Linux ASLR implementation combined with the fact that (even with protection mechanisms such as relro and glibc's pointer mangling enabled) there exist easy-to-hijack, writable (function) pointers in application memory.
Tue, 11 Dec 2018 16:31:54 GMT
Zoho ManageEngine OpManager 12.3 Cross Site Scripting
Zoho ManageEngine OpManager version 12.3 prior to build 123237 has a cross site scripting vulnerability in the domainController API.
Tue, 11 Dec 2018 16:28:02 GMT
CyberLink LabelPrint 2.5 Stack Buffer Overflow
This Metasploit module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening, via the open file menu, a .lpp project file containing an overly long string of characters. This results in overwriting a structured exception handler record and taking over the application. This Metasploit module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).
Tue, 11 Dec 2018 01:53:17 GMT
McAfee True Key 5.1.173.1 Privilege Escalation
McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McAfee.TrueKey.Service which can result in privilege escalation through executing arbitrary processes or deleting files and directories.
Tue, 11 Dec 2018 01:52:17 GMT
Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle
Google Chrome version 70.0.3538.77 stable suffers from cross site scripting and man-in-the-middle vulnerabilities.
Tue, 11 Dec 2018 01:49:45 GMT
XNU POSIX Shared Memory Mapping Issue
XNU POSIX has an issue where shared memory mappings have an incorrect maximum protection.
Tue, 11 Dec 2018 01:46:49 GMT
ZTE Home Gateway ZXHN H168N 2.2 Access Control Bypass
ZTE Home Gateway ZXHN H168N suffers from multiple access bypass and information disclosure vulnerabilities.
Tue, 11 Dec 2018 01:46:08 GMT
Symfony 1.4.17 Database Disclosure
Symfony version 1.4.17 suffers from a database disclosure vulnerability.

WordPress JoeBooking 6.6.5 Database Disclosure
WordPress JoeBooking plugin version 6.6.5 suffers from a database disclosure vulnerability.