http://muangfang.go.th/muangfang/mainfile/8ZViYMF6zcJHhtml notified by Evil-Root
Microsoft Internet Explorer HTML Help Control 4.74 Bypass
Microsoft Internet Explorer HTML Help Control version 4.74 local zone bypass exploit. Proof of concept code for an ancient vulnerability.
PoDoFo 0.9.5 Buffer Overflow
PoDoFo version 0.9.5 suffers from a buffer overflow vulnerability.
Liferay Portal Server-Side Request Forgery
Liferay Portal versions prior to 7.0.4 suffer from a server-side request forgery vulnerability.
Polaris Office 2017 8.1 Remote Code Execution
Polaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a Trojan horse “puiframeworkproresenu.dll” file in the current working directory, due to a search order flaw.
HP Enterprise VAN SDN Controller 2.7.18.0503 Remote Root
HP Enterprise VAN SDN Controller version 2.7.18.0503 suffers from an unauthenticated remote root vulnerability. A hard-coded service token can be used to bypass authentication. Built-in functionality can be exploited to deploy and execute a malicious deb file containing a backdoor. A weak sudoers configuration can then be abused to escalate privileges to root. A second […]
Quest KACE Systems Management Command Injection
This Metasploit module exploits a command injection vulnerability in Quest KACE Systems Management Appliance version 8.0.318 (and possibly prior). The download_agent_installer.php file allows unauthenticated users to execute arbitrary commands as the web server user www. A valid Organization ID is required. The default value is 1. A valid Windows agent version number must also be […]
ASUS WRT-AC66U 3.x – Cross Site Scripting Vulnerability
The vulnerability laboratory core research team discovered multiple cross site scripting vulnerabilities in the offici…
GhostMail – (Status Message) Persistent Web Vulnerability
The vulnerability laboratory core research team discovered an application-side vulnerability in the official GhostMail c…
[webapps] WordPress < 4.9.6 – (Authenticated) Arbitrary File Deletion