DEBIAN-CVE-2015-8750

libdwarf 20151114 and earlier allows remote attackers to cause a denial of service NULL pointer dereference and crash via a debugabbrev section marked NOBITS in an ELF file...

Fedora 25 : gnome-boxes (2017-fc0140d4c5)

gnome-boxes 3.22.4 release, fixing a possible security issue with storing the express installation password in clear text. - Store the user password in the keyring during an express installation. - Fix typo in debug string in vm-configurator. - Fix printf format strings in the selectiontoolbar...

shopify-scripts: SIGSEGV - mrb_vm_exec - line:1312

PoC ------------------- The following code triggers the bug attached as mrbvmexec.rb: n s s k h GC.start ObjectSpace.eachobject|obj|obj Debug - mirb ------------------- gdb r mrbvmexec.rb The program being debugged has been started already. Start it from the beginning? y or n y Starting program:...

habitation.gouv.qc.ca XSS vulnerability

Open Bug Bounty ID: OBB-211018 Description| Value ---|--- Affected Website:| habitation.gouv.qc.ca Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

ontariorvda.ca XSS vulnerability

Vulnerable URL: http://www.ontariorvda.ca/wp-content/plugins/shadowbox-js/shadowbox/player.swf?debug=alert%27openbugbounty%27 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 10857868 VIP website status:| No Check...

Pornhub: Debug.log file Exposed to Public \Full Path Disclosure\

The researcher discovered a debug log file exposing path information...

shopify-scripts: SIGSEGV - vm.c - line:1214

PoC ------------------- The following code triggers the bug attached as testmrbvmexec1214.rb: def test instanceexec do return toenum:==end ensure end test Debug - mirb ------------------- gdb r testmrbvmexec1214.rb Starting program: /home/x/Desktop/research/3fuzz/mruby/bin/mirb testmrbvmexec1214....

SUSE-SU-2017:0292-1 Security update for dbus-1

This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default...

Design/Logic Flaw

An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7PGKT01...

CVE-2017-5594

The Pagekit CMS

CVE-2016-6521

Cross-site request forgery CSRF vulnerability in Grails console aka Grails Debug Console and Grails Web Console 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors...

CVE-2016-6521

CVE-2016-6521: CSRF vulnerability in Grails console (Grails Debug Console / Grails Web Console) versions 2.0.7, 1.5.10 and earlier. It allows remote attackers to hijack user authentication for requests that execute arbitrary Groovy code via unspecified vectors. Affected products/versions are name...

USB Enhanced Performance Keyboard - Lenovo Support US

No description provided...

USB Enhanced Performance Keyboard

Lenovo Security Advisory: LEN-2015-015 Potential Impact: Escalation of Privilege Severity: Low Summary: Lenovo’s “USB Enhanced Performance Keyboard” software has a known issue where debug code was accidently left in the application. The debug code includes information about which keys on the...

PageKit 1.0.10 Password Reset

Exploit Title: Remote PageKit Password Reset Vulnerability Date:a21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7a Contact: http://twitter.com/asecurelayer7 Website: httpas://securelayer7.neta Category: webapps 1. Description Anyremote user can reset...

PageKit 1.0.10 - Password Reset Exploit

Exploit for php platform in category web applications Exploit Title: Remote PageKit Password Reset Vulnerability Date:​21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7​ Contact: http://twitter.com/​securelayer7 Website: http​s://securelayer7.net​...

PageKit 1.0.10 - Password Reset

Exploit Title: Remote PageKit Password Reset Vulnerability Date:​21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7​ Contact: http://twitter.com/​securelayer7 Website: http​s://securelayer7.net​ Category: webapps 1. Description Anyremote user can reset...

PageKit 1.0.10 - Password Reset

PageKit 1.0.10 - Password Reset Exploit Title: Remote PageKit Password Reset Vulnerability Date:​21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7​ Contact: http://twitter.com/​securelayer7 Website: http​s://securelayer7.net​ Category: webapps 1...

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

shopify-scripts: SIGSEGV - mrb_obj_extend - line:413

PoC: ------------------- The following code triggers the bug attached as testmrbobjextend413.rb: module Test end def methodmissingsextendTestend def setva.set0end set0 Mirb - Debug: ------------------- gdb r testmrbobjextend413.rb The program being debugged has been started already. Start it from...