The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7604
au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.
Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild
It’s 2017, and opening a simple MS Word file could compromise your system.
Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious, still-unpatched zero-day vulnerability in all current versions of Microsoft Office.
The Microsoft Office zero-day attack, uncovered by researchers
NSE script for exploiting BOF in Microsoft's IIS 6.0 and Windows Server 2003
Posted by Rewanth Cool on Apr 09
Hi,
I’m sorry, I was not aware of the FD group and I was sending all my work to
the developers group (dev () nmap org). So now, I’m forwarding all my
vulnerability detection and exploitation NSE scripts to this group.
I developed an NSE script for the most recently found vulnerability.
It exploits the Buffer Overflow vulnerability in Microsoft Internet
Information Services (IIS) 6.0 and Microsoft Windows Server 2003.
It's marked…
NSE Script for exploiting Directory traversal vulnerability in WordPress
Posted by Rewanth Cool on Apr 09
NSE Script for exploiting Directory traversal vulnerability in the Elegant
Themes Divi theme for WordPress.
It is marked under CVE-2015-1579.
It's patched for WordPress versions > 4.1.4
This script is under the “vuln”, “intrusive” and “exploit” categories. So if
someone scans the website using these modules, it will disclose the
vulnerability to the end user.
There is a PR on #778 <…
NSE scripts for XSS and session hijacking in AsusWRT
Posted by Rewanth Cool on Apr 09
ASUSWRT is a wireless router operating system that powers many routers
produced by ASUS.
NSE scripts for CVE-2017-6547 (XSS) and CVE-2017-6549 (session stealing)
are developed for AsusWRT.
The script comes under “vuln”, “intrusive”, “exploit”, “dos” categories.
Failed attempts lead to a DoS attack.
There is a PR on #779 <https://github.com/nmap/nmap/pull/779> regarding
both the latest…
NSE Script for CVE-2017-6527
Posted by Rewanth Cool on Apr 09
NSE Script for CVE-2017-6527, which was released on 9th March, 2017.
Description:
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is
vulnerable to a NULL-terminated directory traversal attack allowing an
unauthenticated attacker to access system files readable by the web server
user (by using the viewAppletFsa.cgi seqID parameter).
There is a PR on #783 <https://github.com/nmap/nmap/pull/783> on the same.
Best regards,…
CVE-Request: stored XSS in Serendipity v2.1-rc1 allows an attacker to steal the admin's cookie and other information
Posted by Wester 95 on Apr 09
Hi team,
I would like to request one CVE id for this, thank you!
Details
======
Software: s9y Serendipity
Version: 2.1-rc1
Homepage: https://docs.s9y.org/
=======
Description
================
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal the admin's cookie and other information
===========
POC
==========
1. Log in as a common editor user
2. Open a new entry, then write:
<img src=1 onerror=alert(document.cookie)>…
WordPress Plugin Spider Event Calendar 1.5.51 – Blind SQL Injection
Posted by Manuel Garcia Cardenas on Apr 09
=============================================
MGC ALERT 2017-003
– Original release date: April 06, 2017
– Last revised: April 10, 2017
– Discovered by: Manuel García Cárdenas
– Severity: 7.1/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
————————-
WordPress Plugin Spider Event Calendar 1.5.51 – Blind SQL Injection
II. BACKGROUND
————————-
WordPress event calendar is a FREE…
CVE-2017-7590
OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.