[SECURITY] Fedora 23 Update: shellinabox-2.19-1.fc23
Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator. This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins...
AVM FRITZ!Box: Arbitrary Code Execution Via Firmware Images
Advisory: AVM FRITZ!Box: Arbitrary Code Execution Through Manipulated Firmware Images The firmware upgrade process of the FRITZ!Box 7490 is flawed. Specially crafted firmware images can overwrite critical files. Arbitrary code can get executed if an attempt is made to install such a manipulated...
AVM FRITZ!Box: Buffer Overflow
Advisory: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device. Details ======= Product: AVM FRITZ!Box...
AVM FRITZ!Box 6.30 - Remote Buffer Overflow
AVM FRITZ!Box 6.30 - Remote Buffer Overflow Advisory: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device...
AVM FRITZ!Box < 6.30 - Remote Buffer Overflow
Advisory: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device. Details ======= Product: AVM FRITZ!Box...
Multiple AVM FRITZ!Box Remote Code Execution
Several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective...
Pornhub: Cross Site Scripting - On Mouse Over, Blog page
The researcher identified that the following URL for the Pornhub user was vulnerable to reflected/semi-stored cross-site scripting, which enabled the researcher to craft a URL that pops an alert box upon mousing over the language selection at the bottom of the page. The affected URL can be seen below:...
Pornhub: [xss, pornhub.com] /user/[username], multiple parameters
The researcher identified that the following URL for the Pornhub user was vulnerable to reflected/semi-stored cross-site scripting, which enabled the researcher to craft a URL that pops an alert box upon mousing over the language selection at the bottom of the page. The affected URL can be seen below:...
CVE-2005-1797
The design of Advanced Encryption Standard AES, aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations...
Mozilla: Dragging and dropping images exposes final URL after redirects (MFSA 2015-110)
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element...
A vulnerability in the iOS operating system allows an attacker to replace the dialog boxes of arbitrary applications.
The vulnerability in the SpringBoard component of the iOS operating system stems from an access control deficiency. By exploiting it, a malicious actor can use a specially crafted application to replace the dialog windows of arbitrary applications...
UBUNTU-CVE-2015-4519
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element...
Box Login Detection (deprecated)
Binary data 8873.prm...
[SECURITY] Fedora 21 Update: drupal6-views_bulk_operations-1.17-1.fc21
This module augments Views by allowing bulk operations to be executed on the displayed rows. It does so by showing a checkbox in front of each node, and adding a select box containing operations that can be applied. Drupal Core or Rules actions can be used. This package provides the following...
Fluorite A1 Internet Alarm box crack details analysis-vulnerability warning-the black bar safety net
Fluorite is Hikvision's consumer security service brand, aimed at home and small-business users and built on visual security as the foundation for its care, communication and sharing services. The Fluorite business covers the Fluorite cloud video app, the Fluorite cloud video service platform, a series of Internet...
Zaption: XSS - Gallery Search Listing
Hi. If you upload a video whose title contains an XSS payload and then search for the video, the dropdown listing will execute the payload. https://www.zaption.com/gallery/search?q=%3E%3Cimg I did not need to upload the payload; I used already uploaded videos. You can also execute the payload by just start...
[SECURITY] Fedora 22 Update: drupal7-views_bulk_operations-3.3-1.fc22
This module augments Views by allowing bulk operations to be executed on the displayed rows. It does so by showing a checkbox in front of each node, and adding a select box containing operations that can be applied. Drupal Core or Rules actions can be used. This package provides the following...
WordPress Plugmatter Optin Feature Box Plugin <= 2.0.13 - SQL Injection
Because of this vulnerability, unauthenticated attackers can execute arbitrary SQL commands via the "pmfbtid" parameter. Solution: update the plugin...
NewStatPress <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
The NewStatPress plugin uses, on lines 28 and 31 of the file 'includes/nspsearch.php', several variables from the $_GET scope without sanitization. While WordPress automatically escapes quotes in this scope, the output on these lines is outside of quotes, and as such can be used to trigger ...
WordPress StageShow 5.0.8 Open Redirect
Title: Open redirect vulnerability in StageShow WordPress plugin v5.0.8 Submitter: Nitin Venkatesh Product: StageShow WordPress Plugin Product URL: https://wordpress.org/plugins/stageshow Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect') CWE-601 Affected Versions: v5.0.8 and...