3641 matches found
CyberChef - The Cyber Swiss Army Knife [A Web App For Encryption, Encoding, Compression And Data Analysis]
The Cyber Swiss Army Knife CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression an...
Multiple AVM FRITZ!Box VoIP Remote Denial of Service Vulnerability
Multiple AVM FRITZ!Box devices are prone to a Denial of Service. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:avm:fritz%21os";...
AVM FRITZ!Box Firmware Signature Bypass
Multiple AVM FRITZ!Box devices are using an improper verification of cryptographic signatures. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2018-17046
translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js...
CVE-2018-14901
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services...
Hardcoded credentials
The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services...
Node.js third-party modules: Reflected XSS in the npm module express-cart.
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report Reflected XSS in...
CVE-2018-11617
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2018-5544
When the F5 BIG-IP APM 13.0.0-13.1.1 or 12.1.0-12.1.3 renders certain pages with a logon agent or a confirm box, the BIG-IP APM may disclose configuration information such as partition and agent names via URI parameters...
WAScan v0.2.1 - Web Application Scanner
WAScan (Web Application Scanner) is an open source web application security scanner. It is designed to find various vulnerabilities using the "black-box" method, which means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application,...
Khan Academy: POST XSS in https://www.khanacademy.org.tr/ via page_search_query parameter
Hey there, while testing your program I came across an XSS vulnerability in the search area of your website. The vector uses an HTTP POST request and the parameter is "pagesearchquery" on www.khanacademy.org.tr/arama.asp. In the next topics I will demonstrate how you can reproduce the vulnerability...
KLA11295 Multiple vulnerabilities in Oracle Virtual Box
Multiple serious vulnerabilities were found in Virtual Box. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions and read local files. Below is a complete list of vulnerabilities: 1. Vulnerability in the Oracle VM VirtualBox component of Oracl...
PEPPERL+FUCHS VisuNet RM, VisuNet PC, and Box Thin Client
1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: PEPPERL+FUCHS Equipment: VisuNet RM, VisuNet PC, Box Thin Client BTC Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attackers to intercept sensitive communications, establish a...
UBUNTU-CVE-2018-14326
In MP4v2 2.0.0, there is an integer overflow with resultant memory corruption when resizing MP4Array for the ftyp atom in mp4array.h...
U.S. Dept Of Defense: sql injection on /messagecenter/messagingcenter at https://www.███████/
Hi, I would like to report an issue that leads to SQL injection in the search box at https://www.████/messagecenter/messagingcenter. If you add the character ' that is usually used to test if the site has an SQL injection, the site will return an Incorrect syntax error that can confirm the site is...
May 17, 2018—KB4103722 (OS Build 15063.1112)
May 17, 2018—KB4103722 OS Build 15063.1112 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses additional issues with updated time zone information. Addresses an issue that causes...
Apache PDFBox's AFMParser Denial of Service Vulnerability
Apache PDFBox is an open source, Java-based tool library from the Apache Software Foundation (United States) that provides creation of new PDF documents, modification of existing PDF documents and other features. A denial-of-service vulnerability exists in Apache PDFBox's AFMParser, where an...
UBUNTU-CVE-2018-8036
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted or fuzzed file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser...