Information disclosure
The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."...
CVE-2016-0141
CVE-2016-0141 is a Microsoft Office information-disclosure vulnerability. The issue arises in Visual Basic macros for Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016, where saving a document exports a certificate-store private key. The underlying risk is exposure of the user’s private key to an att...
Debian DLA-604-1 : ruby-actionpack-3.2 security update
Multiple vulnerabilities have been discovered in ruby-actionpack-3.2, a web-flow and rendering framework and part of Rails: CVE-2015-7576: A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare...
Nextcloud: Information Disclosure of .htaccess file in Private Server/Subdomain
@ahsantahir reported a missing permission check on an internal service allowing the extraction of the .htaccess file. We've fixed this by adjusting the Apache configuration and putting Basic Auth in front of the page. On request of the reporter this is disclosed limitedly. Non-Critical, small...
Microsoft Edge browser vulnerability, which allows a hacker to obtain confidential information from the process memory
The vulnerability of the VBScript kernel in Microsoft Edge browsers is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information from the process’s memory through a specially crafted web pa...
Vulnerabilities of Microsoft Edge and Internet Explorer browsers, which allow attackers to trigger service failures or execute arbitrary code.
The vulnerability of JScript 9, VBScript, and Chakra JavaScript in Microsoft Edge and Internet Explorer browsers is due to buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure (memory corruption) through a specially crafted web page...
Ian Dunn: [Not just a server configuration issue] Full Path Disclosure
Hey, I've just found a 'full path disclosure' in basic-google-maps-placemarks, so it's not just a server configuration issue! I've tested it on different servers including Windows, Ubuntu, CentOS, etc. PoC: So, if we visit wp-content/plugins/basic-google-maps-placemarks/unit-tests.php it is clearl...
Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String
#!/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based Exploiting string located on the heap - Blind Attack No output...
Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String
Exploit for multiple platform in category remote exploits #!/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based...
Axis Communications MPQT/PACS SSI Remote Format String / Code Execution
#!/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based Exploiting string located on the heap - Blind Attack No output...
Nextcloud: The application uses basic authentication.
Basic authentication is enabled on file access requests. Description: Basic authentication is enabled on the server if we request the direct URL of a file. The issues of using Basic Authentication can be read here - OWASP: Basic Authentication. Though...
CVE-2016-3248
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting...
Microsoft Scripting Engine Memory Corruption Vulnerability (CNVD-2016-04792)
Microsoft Internet Explorer (IE) is a web browser developed by Microsoft, and is the default browser that comes with the Windows operating system. Microsoft VBScript, known as Visual Basic Script, is a scripting language, and is also the default programming language for ASP dynamic web pages. JScript ...
Logstash 2.3.3 Elasticsearch Output Vulnerability
Hi all, we would like to announce a security vulnerability we discovered in our testing. Logstash 2.3.4 has been released with a patch to fix this. Issue Prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information
The multiple vulnerabilities in the proftpd-basic package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely...
Fierce - A DNS Reconnaissance Tool for Locating Non-Contiguous IP Space
First, credit where credit is due, fierce was originally written by RSnake along with others at http://ha.ckers.org/ . This is simply a conversion to Python 3 to simplify and modernize the codebase. The original description was very apt, so I'll include it here: Fierce is a semi-lightweight scann...
Nextcloud: Bruteforce attack is possible on newsletter.nextcloud.com
Since HTTP Basic authentication is used on https://newsletter.nextcloud.com, this type of authentication is vulnerable to brute-force attack. Refer to the attachment below: F100241. Refer to the attachment below: F100240. Attacking via Metasploit auxiliary scanner httplogin: refer to the attachment below: F10023...
Logstash Logs Sensitive Information
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials...
CVE-2016-2298
Summary of CVE-2016-2298 (Meteocontrol WEB’log): Affects WEB’log Basic 100, Light, Pro, and Pro Unlimited. The issue is Information Exposure via cleartext data stored or transmitted by the application, driven by an improper access control / authentication bypass vulnerability. Remote attackers c...