The Spybot Search and Destroy application suffers from an unquoted search path issue impacting the service 'SBSDWSCService' for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
ddb6e92cb002970c9f6e6241ac58abf4997bbcfc0d0b442eb9e244618053668d
Moodle suffers from persistent cross site scripting vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' thru index.php, are not properly sanitized allowing the attacker to execute HTML or JS code into user's browser session on the affected site. Affected components: Blocks, Glossary, RSS and Tags.
3a879d762267aeaca9fc89ee912f160275d978f39e1f6f838032b7e55569749c
Full materials and proof of concept code has been released for the Security Explorations discovery of various Google app engine java security sandbox bypasses.
bd960af7763ba59085745caf406af8ad984dad196a7d5aaccd9db363dd96eb1a
Metasploit Project versions prior to 4.11.1 suffered from a cross site request forgery vulnerability in the initial user creation functionality.
77d856bfa456219b7064e2fb95ed37a80ef361d7340f805df55bf4a938533ffb
Wonder CMS version 0.6 suffers from a cross site scripting vulnerability.
e90d859deee2e927ca6d1ae889ffe024e9021ad1f1e0d1137ecf15199f95c850
Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.
d05822677796f7d42a5885b32d014b3e46f07144db1a28c4abd29b4ef4b5fb85
724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a cross site scripting vulnerability.
ab019ff802627e97149ae0b3963cf84ed5d69814d1a2622737a1242c6b457523
724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a remote SQL injection vulnerability.
a6672aaedd9e9354c968805b5f990cfa2885ffeef4a4ab9559cb189a87693c39
A vulnerability in iqvw32.sys and iqvw64e.sys drivers has been discovered in the Intel Network Adapter Driver. The vulnerability exists due to insufficient input buffer validation when the driver processes IOCTL codes 0x80862013, 0x8086200B, 0x8086200F, 0x80862007 using METHOD_NEITHER and due to insecure permissions allowing everyone read and write access to privileged use only functionality. Attackers can exploit this issue to cause a Denial of Service or possibly execute arbitrary code in kernel space.
2aaae5882cd70b23fb6de73c08c10c9b3a2580d689f599c18245a6496dc7c1ca
Mambo version 4.6.5 suffers from a cross site request forgery vulnerability that allows for remote SQL injection.
04bf9a99d0420b97a030af4f2b626076b0e55a0fa14e06697a069a826e3585ce
DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
ab05f4446447485d9e01006db792d8ceff3738d1799373c3c8b484e2a5bdd401
UliCMS version 8.0.1 suffers from a cross site request forgery vulnerability.
9b42b7b4b12fd9108033bbc04bd7fa32db25cdc43e93fe2f55e9ff51410b41ca
68 bytes small Linux/x86 rot 13 encoded execve("/bin/sh") shellcode.
d5c53f68b3271754dd33f9b9b3fce23cc492b3410d1677a1cdebc0367665c996
84 bytes small obfuscated Linux/x86 shellcode that performs chmod 0777 /etc/shadow.
86599ae981137ac35644a9a76fff0131fb83ddab86a4da180a26b684314311a4
98 bytes small obfuscated Linux/x86 shellcode that maps google.com to 127.1.1.1.
5e2f47bde231bcc4252b85f5bb7dec35d14ae3da0008b9e96d251474d15e793e
Microsoft Windows Diagnostic Troubleshooting Wizard suffers from buffer overflow vulnerabilities.
4cece5e320932e7702b7eabfa2aaeb0ad115b1cfa29142b0be78a1372ac31ad7
NetFramework version 4.03 suffers from buffer overflow vulnerabilities.
b3060378025fd371ff54d57225de65a0e37ad829f6e3c1e608cf2af10bbab183
40 bytes small Linux/x86 obfuscated execve("/bin/sh") shellcode.
6bc72d166eab16b210ccb20f51b7dd79c511d39d99c8520c5c27fe2d5420016c
This is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.
d05d7429ea70363cecca14474d2edcf047db67733e981e02c510f7d4967caf65