>> CATEGORY: exploit

OpenSSL alternative chains certificate forgery exploit that has been tested on OpenSSL 1.0.2c, 1.0.2b, 1.0.1o, 1.0.1n, and Fedora 22 (1.0.1k-fips). This is a stand-alone ruby exploit and does not require…

Java Secure Socket Extension (JSSE) SKIP-TLS exploit that has been tested on JDK 8u25 and 7u72. This is a stand-alone ruby exploit and does not require Metasploit.

This Metasploit module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers.

The Vulnerability Laboratory Core Research Team discovered a local command inject vulnerability in the LAN Scan HD v1.20 iOS mobile application.

Heap-based out-of-bounds memory reads have been encountered in FreeType in the handling of the cmap (format 14) SFNT table.

ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.

ATutor versions 2.2 and below suffer from a remote php code injection vulnerability.

ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.

Piwik version 2.14.3 and below suffer from a local file inclusion vulnerability.

Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution.