This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Sync Breeze Enterprise v9.4.28, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86.
5ff2902a3ec062393e0570fee4f1cc86ff341942ea0f0f52a2987780cddb68ec
This Metasploit module exploits an option injection vulnerability in the SyntaxHighlight extension of MediaWiki. It tries to create and execute a PHP file in the document root. The USERNAME and PASSWORD options are only needed if the Wiki is configured as private. This vulnerability affects any MediaWiki installation with SyntaxHighlight version 2.0 installed and enabled. This extension ships with the AIO package of MediaWiki version 1.27.x and 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.
42e48276927339958a36dbb2f1b6e10a0ccdc795bdf63b73b3596ebd982b5dac
Pegasus version 4.72 build 572 suffers from a mailto link remote code execution vulnerability.
4427731fa13b99b05e574e495f0ae5cbb93c76a5b78829b68f137b2e0bd8adef
Secure Auditor version 3.0 suffers from a directory traversal vulnerability.
9e96947d550edd506262be8499d639f6170b5fd597c1c3c5b3b82e2f120658a4
Microsoft Windows 7/2008 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.
a89834c93f1d470ef6476b4a640ac5f5403058b6205f6653a27aa9c7ac53d1f4
Microsoft Windows 8/2012 R2 x64 EternalBlue SMB remote code execution exploit that leverages MS17-010.
d2515a1e6d996e23c72bd9ad42e411a45def083377a039d3c6f773b7ebd85fba
The Joomla version 3.7.0 fields component suffers from a remote SQL injection vulnerability.
914600f2292f25a5648b2ad58ced49b43809bcd44e72b9d8a1f6176e284de9f6
PlaySMS version 1.4 suffers from a remote code execution vulnerability.
3c8a63c95cb5cd39de2c05874efd2f98a9c719765b28143345cabc3ef991b525
D-Link DIR-600M Wireless N 150 suffers from an authentication bypass vulnerability.
d2de4c1ec6d915ce30568940e60b15df8daef411482a245f56c00ebbe5c653ba
ManageEngine ServiceDesk Plus version 9.0 suffers from an authentication bypass vulnerability.
0b8968d2eb45a073ca7bd4ac6b7249f163568b69dd319a79d314bac27cbd48d1
SAP Business One for Android version 1.2.3 suffers from an XML external entity injection vulnerability.
3257ec117b9ead701ce13e2ebd0d94106c6ccea7ddacfc94e55a7d5f53ba0456
KMCIS CaseAware suffers from a cross-site scripting vulnerability.
8ed17c56890bb941dc62c03f9ac26a10d3abf303ee137587b5a0126dd6299721
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash and uses only standard Unix utilities, openssl and, last but not least, bash sockets.
b160969dd8950f63afd57243cbbe2af0f7de9501a877e78b9b8ed9bae5405b59
Asterisk Project Security Advisory - A remote memory exhaustion can be triggered by sending an SCCP packet to an Asterisk system with chan_skinny enabled that is larger than the length of the SCCP header but smaller than the packet length specified in the header. The loop that reads the rest of the packet does not detect that the call to read() returned end-of-file before the expected number of bytes and continues infinitely. The partial data message logging in that tight loop causes Asterisk to exhaust all available memory.
8d5f47cf0e67ce5864a2b2a4177e62f386b1d90a8d45c93551e617023efa518c
Asterisk Project Security Advisory - The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially-crafted packet can trigger these invalid reads and potentially induce a crash.
dffc64dd4e5928c9a21df82604d70762c92068e2145f6bc7293d2eb080f35bbc
Asterisk Project Security Advisory - A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.
60ef218a0c056d6aec0776e903fa217b0958d9a103decc2e014f49f5d98412d9
This bulletin summary lists one bulletin that has undergone a major revision increment.
e9644ba34af5fc468f284a8211f278b9180d4ad29b4398daec9fe8adb57be2f5
Google I/O 2017 application for Android versions prior to 5.1.4 suffers from a man-in-the-middle vulnerability.
1fa0559e9edae7e21ef67d5f155d2d2b4db4d4651ee541249e1393abaf366ace
In default installations of HP SiteScope version 11.32, access to Java Management Extensions (JMX) is allowed to unauthenticated users over port 28006. This configuration allows for remote code execution exploits.
52544054868c2ef0c003c8317520227934d8c939f448bb6d5e4d362256c9015c