Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

Debian DLA-1253-1 : openocd security update

OpenOCD, an on-chip JTAG debug solution for ARM and MIPS systems, does not block attempts to use HTTP POST for sending data to localhost, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted website. For Debian 7...

createyourreel.com XSS vulnerability

Open Bug Bounty ID: OBB-524087 Description| Value ---|--- Affected Website:| createyourreel.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Fedora 27 : php-PHPMailer (2017-4b3873b325)

Version 5.2.26 November 4th 2017 - Minor security backport from 6.0 - set Debugoutput in constructor according to SAPI in use, avoiding potential XSS in default debug output. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...

Grab: Unrestricted access to https://██████.█████myteksi.net/

Hello again Grab Security Team ! Following my previous research, it seems that your Microservices architecture you are currently running on .█████myteksi.net is publicly exposed on another endpoint : https://█████████.█████myteksi.net. Summary: When researching and starting a new enumeration of...

CPP-Ethereum JSON-RPC Denial Of Service Vulnerabilities(CVE-2017-12119)

Summary An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum's JSON-RPC. Specially crafted JSON requests can cause a unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability. Tested Versions Ethereum...

kernel-tmb update provides 4.14 series and fixes security vulnerabilities

This kernel-tmb update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in...

MGASA-2018-0062 kernel update provides 4.14 series and fixes security vulnerabilities

This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in the...

kernel update provides 4.14 series and fixes security vulnerabilities

This kernel update provides an upgrade to the 4.14 longterm branch, currently based on 4.14.10. It also fixes at least the following security issues: An elevation of privilege vulnerability in the Broadcom wi-fi driver CVE-2017-0786. Use-after-free vulnerability in the sndpcminfo function in the...

Immunity Canvas: SPECTRE_SAM_LEAK

Name| spectresamleak ---|--- CVE| CVE-2017-5753-1 Exploit Pack| CANVAS Description| Spectre Sam Leak Notes| CVE Name: CVE-2017-5753 Notes: The final version should also handle Windows 2016 and 10. In fact the backend is perfectly working on Windows 2016 but libwincreds is not able to deal with...

MGASA-2018-0050 Updated libxml2 packages fix security vulnerability

Integer overflow in memory debug code in libxml2 before 2.9.5 CVE-2017-5130. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service CVE-2017-15412...

Updated libxml2 packages fix security vulnerability

Integer overflow in memory debug code in libxml2 before 2.9.5 CVE-2017-5130. It was discovered that libxml2 incorrecty handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service CVE-2017-15412...

QuarkslaB Dynamic binary Instrumentation: QBDI

QuarkslaB Dynamic binary Instrumentation QBDI is a modular, cross-platform and cross-architecture DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on x86, x86-64, ARM and AArch64 architectures. Information about what is a DBI framework and how QBD...

Sony Playstation 4 (PS4) 4.05 - Jailbreak WebKit NamedObj Kernel Loader

Sony Playstation 4 PS4 4.05 - Jailbreak WebKit NamedObj Kernel Loader PS4 4.05 Kernel Exploit --- Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking an...

Sony Playstation 4 4.05 FW - Local Kernel Exploit

Exploit for bsd platform in category local exploits PS4 4.05 Kernel Exploit --- Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level...

nhk.or.jp XSS vulnerability

Open Bug Bounty ID: OBB-458386 Description| Value ---|--- Affected Website:| nhk.or.jp Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

CVE-2017-6139

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...

Design/Logic Flaw

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...

CVE-2017-6139

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...

CVE-2017-6139

In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...