Protecting IIS With Apache Mod Proxy And Dotdefender WAF
This is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.
Linux/x86 Obfuscated execve("/bin/sh") Shellcode
40 bytes small Linux/x86 obfuscated execve("/bin/sh") shellcode.
.NetFramework 4.03 Buffer Overflows
NetFramework version 4.03 suffers from buffer overflow vulnerabilities.
Windows Diagnostic Troubleshooting Wizard Buffer Overflow
Microsoft Windows Diagnostic Troubleshooting Wizard suffers from buffer overflow vulnerabilities.
Linux/x86 Google.com Remap Shellcode
98 bytes small obfuscated Linux/x86 shellcode that maps google.com to 127.1.1.1.
Linux/x86 chmod 0777 /etc/shadow Shellcode
84 bytes small obfuscated Linux/x86 shellcode that performs chmod 0777 /etc/shadow.
Linux/x86 ROT13 Encoded execve("/bin/sh") Shellcode
68 bytes small Linux/x86 ROT13 encoded execve("/bin/sh") shellcode.
UliCMS 8.0.1 Cross Site Request Forgery
UliCMS version 8.0.1 suffers from a cross site request forgery vulnerability.
DNS Spider Multithreaded Bruteforcer 0.6
DNS Spider is a multithreaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.
Mambo 4.6.5 Cross Site Request Forgery / SQL Injection
Mambo version 4.6.5 suffers from a cross site request forgery vulnerability that allows for remote SQL injection.
Intel Network Adapter Diagnostic Driver IOCTL DoS
A vulnerability in iqvw32.sys and iqvw64e.sys drivers has been discovered in the Intel Network Adapter Driver. The vulnerability exists due to insufficient input buffer validation when the driver...
724CMS 5.01 / 4.59 / 4.01 / 3.01 SQL Injection
724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a remote SQL injection vulnerability.
724CMS 5.01 / 4.59 / 4.01 / 3.01 Cross Site Scripting
724CMS versions 5.01, 4.59, 4.01, and 3.01 suffer from a cross site scripting vulnerability.
Applicure Dotdefender WAF 5.13-13282 Cross Site Scripting
Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.
Wonder CMS 0.6 Cross Site Scripting
Wonder CMS version 0.6 suffers from a cross site scripting vulnerability.
Metasploit Project Cross Site Request Forgery
Metasploit Project versions prior to 4.11.1 suffered from a cross site request forgery vulnerability in the initial user creation functionality.
Google App Engine Java Security Sandbox Bypasses
Full materials and proof of concept code have been released for the Security Explorations discovery of various Google App Engine Java security sandbox bypasses.
Moodle 2.5.9 / 2.6.8 / 2.7.5 / 2.8.3 Cross Site Scripting
Moodle suffers from persistent cross site scripting vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' through index.php is not properly sanitized, allowing the attacker to...
Spybot Search And Destroy 1.6.2 Privilege Escalation
The Spybot Search and Destroy application suffers from an unquoted search path issue impacting the service 'SBSDWSCService' for Windows. This could potentially allow an authorized but non-privileged...