Showing 1 - 8 of 8

Files Date: 2019-08-02

Apache Tika 1.17 Header Command Injection: Posted Aug 2, 2019; Authored by h00die, David Yesland, Tim Allison | Site metasploit.com; This Metasploit module exploits a command injection vulnerability in Apache Tika versions 1.15 through 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic byte checking. When OCR is specified in the request, parameters can be passed to change the parameters passed at command line to allow for arbitrary JScript to execute. A JScript stub is passed to execute arbitrary code. This module was verified against version 1.15 through 1.17 on Windows 2012. While the CVE and finding show more versions vulnerable, during testing it was determined only versions greater than 1.14 were exploitable due to jp2 support being added.; tags | exploit, arbitrary; systems | windows; advisories | CVE-2018-1335; SHA-256 | 1d10dcd077954ec22984a947fb2e56ca4e13c135682dadd44362021acac47063; Download | Favorite | View

Microsoft Windows PowerShell Command Execution: Posted Aug 2, 2019; Authored by hyp3rlinx | Site hyp3rlinx.altervista.org; Microsoft Windows suffers from a PowerShell unsanitized filename command execution vulnerability.; tags | exploit; systems | windows; SHA-256 | 5bf128419e761a002a979be67be908ac183d09b615d51b039f45e8ee8acc4abf; Download | Favorite | View

Slackware Security Advisory - mariadb Updates: Posted Aug 2, 2019; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New mariadb packages are available for Slackware 14.1 and -current to fix security issues.; tags | advisory; systems | linux, slackware; advisories | CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2805; SHA-256 | 88e359d74512a7377541103a19c43b7fe710266e44ddaaee6f662eed622f16c8; Download | Favorite | View

Ubuntu Security Notice USN-4079-2: Posted Aug 2, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4079-2 - USN-4079-1 fixed vulnerabilities in SoX. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 19.04. It was discovered that SoX incorrectly handled certain MP3 files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.; tags | advisory, denial of service, vulnerability; systems | linux, ubuntu; advisories | CVE-2019-8354, CVE-2019-8355; SHA-256 | 5ffe08fe87a127722df794d049e52f8a60387a6175169e17197ecd176757eafd; Download | Favorite | View

1CRM On-Premise Software 8.5.7 Cross Site Scripting: Posted Aug 2, 2019; Authored by Kusol Watchara-Apanukorn; 1CRM On-Premise Software version 8.5.7 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2019-14221; SHA-256 | eff2bc5b0e9b2c3ca58c4026a0692a0f8fc667bfd42ba75e5e23388450bb2dd3; Download | Favorite | View

Sar2HTML 3.2.1 Remote Command Execution: Posted Aug 2, 2019; Authored by Furkan Kayapinar; Sar2HTML version 3.2.1 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; SHA-256 | 5fa15a6b77d4962ba78da4a2e5ccc45e9c58643332ff42a8a24f459ad157b766; Download | Favorite | View

College Notes Management System 1.0 Cross Site Request Forgery: Posted Aug 2, 2019; Authored by Mr Winst0n; College Notes Management System version 1.0 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | 5a473bcd1e8fd7ec281d752f4d5fd3085ac3d7648cff696292ab9a73ff6acd76; Download | Favorite | View

Rest Cafe And Restaurant Website CMS SQL Injection: Posted Aug 2, 2019; Authored by n1x_; Rest Cafe and Restaurant Website CMS suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 8209eb6be8ace74a8b33c7c568913ba58b65b8e519c0954a7543d0f4d25d38b6; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days