3641 matches found
CVE-2018-10076
An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard...
GPAC MP4Box Heap Overflow Vulnerability
GPAC is an open source multimedia framework. MP4Box is one of its multimedia packagers. A heap overflow vulnerability exists in the 'urnRead' function in the isomedia/boxcodebase.c file of MP4Box in GPAC version 0.7.1. An attacker can exploit this vulnerability to cause a heap buffer...
Hanno's projects: Reflected xss in Serendipity's /index.php
Summary: There exists a reflected xss threat in https://blog.fuzzing-project.org/index.php?frontpage. Description: By setting the serendipity%5bmultiCat%5d%5b%5d POST input to 1'"&%prompt1 I'm able to trigger a JavaScript prompt box in versions of IE up to and including IE 11. Steps To Reproduce:...
DEBIAN-CVE-2018-13005
An issue was discovered in MP4Box in GPAC 0.7.1. The function urnRead in isomedia/boxcodebase.c has a heap-based buffer over-read...
UBUNTU-CVE-2018-13005
An issue was discovered in MP4Box in GPAC 0.7.1. The function urnRead in isomedia/boxcodebase.c has a heap-based buffer over-read...
roomersgifts.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-638255. Affected website: roomersgifts.co.uk. Vulnerable application: Custom Code. Vulnerability type: XSS Cross Site Scripting / CWE-79. CVSSv3 score: 6.1...
Cross site request forgery (csrf)
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross-Site Request Forgery (CSRF) vulnerability in Boxes that allows an attacker to trick an authenticated admin into deleting boxes. This vulnerability appears to have been fixed in 3.6.x...
box-it-up.nl Improper Access Control vulnerability
Open Bug Bounty ID: OBB-635074. Affected website: box-it-up.nl. Vulnerable application: Other. Vulnerability type: IAC Improper Access Control / CWE-284. CVSSv3 score: 6.5...
Lightweight and Practical Kernel Protector for x86: Shadow-Box
Shadow-box is a security monitoring framework for operating systems using state-of-the-art virtualization technologies. Shadow-box has a novel architecture inspired by a shadow play. We made Shadow-box from scratch, and it is primarily composed of a lightweight hypervisor and a security monitor...
Type confusion
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...
CVE-2018-12421
LTB aka LDAP Tool Box Self Service Password before 1.3 allows a change to a user password without knowing the old password via a crafted POST request, because the ldapbind return value is mishandled and the PHP data type is not constrained to be a string...
CVE-2018-12421
LTB Self Service Password prior to 1.3 has a vulnerability: a crafted POST can change a user’s password without the old one because ldap_bind return value handling and PHP typing are mishandled. Affected product: LTB Self Service Password. CVSS3 base score 9.8 (CRITICAL) with impact to confidenti...
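The LTB Self Service Password entries above describe the mechanism only in one sentence: a POST parameter that is never constrained to be a string, and a bind result that is only compared against an explicit false. The PHP below is an added illustration, not code from the LTB project. bind_stub() is a constructed stand-in that copies the contract of a PHP 7 internal function such as ldap_bind() (true on success, false on a rejected credential, and NULL plus a warning when handed a non-string where a string is expected); the DN, the credential store and the three request bodies are likewise constructed for the demo.

```php
<?php
// Added example, not LTB Self Service Password's code.
// bind_stub() is a constructed stand-in for a PHP 7 internal function such as
// ldap_bind(): true on success, false on a wrong credential, and (with a
// warning) NULL when a non-string is passed where a string is expected.
// Real ldap_bind() is never called here, so the script runs without the ldap
// extension. Under PHP 8 the real function would throw a TypeError instead.
function bind_stub(string $dn, $password): ?bool
{
    if (!is_string($password)) {
        trigger_error('bind_stub() expects parameter 2 to be string, '
            . gettype($password) . ' given', E_USER_WARNING);
        return null;                      // zpp failure: NULL, not false
    }
    // Constructed credential store for the demo.
    $store = ['uid=alice,dc=example,dc=org' => 'correct horse'];
    return isset($store[$dn]) && hash_equals($store[$dn], $password);
}

// Vulnerable pattern: only an explicit false counts as a failed bind, and the
// old password is taken straight from the request without a type check.
function old_password_ok_vulnerable(string $dn, $oldPassword): bool
{
    $bind = @bind_stub($dn, $oldPassword);
    if ($bind === false) {
        return false;                     // "wrong password"
    }
    return true;                          // NULL slips through here
}

// Hardened pattern: constrain the type first, then accept nothing but true.
function old_password_ok_hardened(string $dn, $oldPassword): bool
{
    if (!is_string($oldPassword) || $oldPassword === '') {
        return false;
    }
    return bind_stub($dn, $oldPassword) === true;
}

// Constructed request bodies. PHP's query-string parser turns "oldpassword[]=x"
// into an array, which is exactly what a crafted POST supplies.
$dn = 'uid=alice,dc=example,dc=org';
foreach (['oldpassword=wrong', 'oldpassword[]=x', 'oldpassword=correct+horse'] as $body) {
    parse_str($body, $post);
    printf("%-28s vulnerable=%s hardened=%s\n", $body,
        var_export(old_password_ok_vulnerable($dn, $post['oldpassword']), true),
        var_export(old_password_ok_hardened($dn, $post['oldpassword']), true));
}
```

The check that matters is the combination: is_string() on the request value before it reaches the bind, and comparing the bind result with `=== true` rather than `=== false`, so that any unexpected return value (NULL, a warning-suppressed failure) is treated as a failed authentication instead of a successful one.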
MSTAR Set-Top BOX Command Injection Vulnerability
MSTAR is a set-top box. A command injection vulnerability exists in MSTAR Set-Top BOX. An attacker can exploit the vulnerability to execute arbitrary commands...
ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution
The ClassLink OneClick Browser Extension and the ClassLink Agent are vulnerable to Universal XSS and Remote Code Execution. Vendor has released software updates to fix both vulnerabilities on 3 June 2018. === Vendor === ClassLink: https://www.classlink.com === Vulnerability 1: Universal XSS throu...
IoT Botnets Found Using Default Credentials for C&C Server Databases
Not following cybersecurity best practices could not only cost online users but also cost cybercriminals. Yes, sometimes hackers don't take best security measures to keep their infrastructure safe. A variant of IoT botnet, called Owari, that relies on default or weak credentials to hack insecure...
Design/Logic Flaw
The Telematics Control Unit aka Telematic Communication Box or TCB, when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network...
CVE-2018-1242
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contains a command injection vulnerability in the Boxmgmt CLI. An authenticated malicious user with boxmgmt privileges may potentially exploit this vulnerability to read RPA files. Note that files th...
WebSocket Live Chat - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WebSocket Live Chat - Cross-Site Scripting Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click setting...