IBM DB2 versions 9.7, 10.1, 10.5, and 11.1 suffer from a command line process buffer overflow vulnerability.
9fcbc5360bbab3d3d0d5f91e96ba944fd77fa77b62d50735a37991cb02aa1f1f
Microsoft Skype versions 7.2, 7.35 and 7.36 suffer from a stack buffer overflow vulnerability.
0e0544408b08435e8c9b2a3021530969e5be446fa97e97008d000530d1c7c8ad
JAD version 1.5.8e-1kali1 suffers from a buffer overflow vulnerability.
802114a05907d65bb9ed538820a7f40a9bb461fc90ea763cdd2ae06a674e7c36
75 bytes small Linux/x86 shellcode that binds a shell to port 4444. Contains no NULLs.
d53564a1b5086ca9438ce3b8d47f4ecf791f83665b4a94bb8208f3045bba4d87
LAME version 3.99.5 suffers from a II_step_one buffer overflow vulnerability.
c0d47bb7301f022f6f4bca87c719e9d35f43e22feb39a4162f5c1684559fbe46
LAME version 3.99.5 suffers from a III_dequantize_sample stack buffer overflow vulnerability.
adb0e16c8d53d98759bcd81531a4dde6b96e3e0af1359518a613652b71bfdd37
NTFS version 3.1 master file table denial of service exploit.
023ff239fff9f7065185a583b55580bf454882eb7fde9dbcd03bd0550c46debe
D-Link DIR-100 suffers from brute force and cross site request forgery vulnerabilities.
386fd93a4422b5c30c240c4eb2594da9d9779d096bf555c60db8d9a08d208dae
Whitepaper called Fully Undetectable Malware. Translated to English.
a265b29ba1e3f7e24e1530963506da2733ed4e5a624e5dcab390f90cdf6911ae
Telegram version 4.0.1 suffers from a two-factor authentication bypass vulnerability.
5280b511f82107d0416f37f8c3ee94ea8bb4287712f2550f3aecfbdf4e24537a
PHPMailer versions prior to 5.2.23 suffer from a cross site scripting vulnerability.
1b25e7c937e0dcc26d33ddd071b6a29508d5f9760b15d8fd0b456d5b8050b7a9
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
ea9ff3fb24e8583466771348051186ca6b2ef4082149fe5e8d15e38b320506e5
The Microsoft MsMpEng mpengine x86 emulator suffers from a heap corruption vulnerability in VFS API.
46362a2418387131b284b6f99ffbd92b63a52b28cf6850b31bc0119ebc171b9f
Microsoft Edge suffers from a type confusion vulnerability in CssParser::RecordProperty.
1aa785f1fd6f0eb74b2354c469073d303a744ebbead37d6b9b3783902311bdfb
Adobe Flash suffers from a heap corruption vulnerability in the ATF parser.
aa2b6fd4f44a098e6ecba7504988e0d89a5e75e3bc29a11c164bf7ac741679b8
Adobe Flash suffers from an image decoding out-of-bounds read vulnerability.
ed9044e4b79f06703ef40af5da53a9e9a388c8c9448c95d856dc28954cdd4c1a
Adobe Flash suffers from an avc edge processing out-of-bounds read vulnerability.
d111143f959eac16a5ac31bce6622f40e6dd0f4a712d9c78aedc9111f504fb20
This Metasploit module exploits a POST buffer overflow in the Easy File Sharing FTP Server 7.2 software.
4a93277c80577e51f05d3a867109d74d266c265a7afc0d44a519a77e90b3dcd1
This Metasploit module exploits the command injection vulnerability of Symantec Messaging Gateway product. An authenticated user can execute a terminal command under the context of the web server user which is root. backupNow.do endpoint takes several user inputs and then pass them to the internal service which is responsible for executing operating system command. One of the user input is being passed to the service without proper validation. That cause an command injection vulnerability. But given parameters, such a SSH ip address, port and credentials are validated before executing terminal command. Thus, you need to configure your own SSH service and set the required parameter during module usage. This Metasploit module was tested against Symantec Messaging Gateway 10.6.2-7.
65388a1ffa6f7c2c3a870b20d908b020bed384530b6eb97b4dccaaf421a58506
This Metasploit module exploits a command injection vulnerability in NETGEAR DGN2200v1/v2/v3/v4 routers by sending a specially crafted post request with valid login details.
1fec4e5211012852df5a0c5522fb686d79ac9dee14476e919180c9eb884159d8
Eltek SmartPack has backdoor accounts that are disclosed via some json files.
35314e73b316d0100a38a94bd56fbfe77f2b0f17b9eae437dbc56ea636f9b4ef
This whitepaper gives an introduction to honeypots. Written in Arabic.
358326e486f7f83b93ee8d5c46ee9b94fcfa15682c2ad182d0a826b620d3b182
Red Hat Security Advisory 2017-1574-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root.
a3fd6f04b6ad8fda2683b5fb984f344082cd866c71e638d5c9353f10fb2aa301
Gentoo Linux Security Advisory 201706-26 - Multiple vulnerabilities have been found in Vim and gVim, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 8.0.0386 are affected.
7c10733701e29eeac37e6aa8fe06cb324e6b890f4459b3cb0b45ca1fc384e0e9
Gentoo Linux Security Advisory 201706-25 - An out-of-bounds write in Graphite might allow remote attackers to execute arbitrary code. Versions less than 1.3.8-r1 are affected.
1946705f6b04b4a318b88a460932bc22203cf80d8a418c8a00f59203e127b15d