Lucene search

5099 matches found

Prion
added 2019/05/31 3:29 p.m., 17 views

Design/Logic Flaw

A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

CVSS: 4, AI score: 4.4, EPSS: 0.01825
Exploits: 1, References: 4, Affected Software: 1
CNVD
added 2019/05/27 12:0 a.m., 4 views

PETRAWARE Technologies pTransformer Advanced Document Capture SQL Injection Vulnerability

PETRAWARE Technologies pTransformer Advanced Document Capture (ADC) is a suite of advanced document capture and categorization solutions from PETRAWARE Technologies, Malaysia. The product supports distributed document capture, automatic indexing, optical character recognition and automatic data...

CVSS: 7.8, AI score: 8.2, EPSS: 0.00941
Exploits: 5, References: 1
Veracode
added 2019/05/16 3:7 a.m., 16 views

Denial Of Service (DoS)

Thunderbird, Firefox ESR and Firefox are vulnerable to denial of service attacks. A segmentation fault may occur in the media recorder when the track type is changed during capture, allowing a remote unauthenticated attacker to cause a system hang by exploiting the vulnerable Capture Handler compone...

CVSS: 9.8, AI score: 8.9, EPSS: 0.03755
Exploits: 0, References: 18, Affected Software: 2
OpenVAS
added 2019/05/07 12:0 a.m., 62 views

Fedora Update for tcpreplay FEDORA-2019-e40253f67e

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.8, AI score: 6.7, EPSS: 0.02254
Exploits: 3, References: 2
OpenVAS
added 2019/05/07 12:0 a.m., 72 views

Fedora Update for sos-collector FEDORA-2018-672c028631

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5.9, AI score: 5.1, EPSS: 0.00429
Exploits: 1, References: 2
NVD
added 2019/05/06 6:29 p.m., 18 views

CVE-2018-4069

An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker can listen to network traffic upstream from the device to...

CVSS: 7.5, AI score: 7.5, EPSS: 0.04011
Exploits: 3, References: 4
Veracode
added 2019/05/02 6:36 a.m., 35 views

Denial Of Service (DoS)

QEMU is vulnerable to denial of service attacks. A remote attacker could cause memory exhaustion resulting in denial of service. The vulnerability exists in the file audio/audio.c of the component Audio Capture and exploitable via repeatedly starting and stopping audio capture...

CVSS: 7.5, AI score: 7.9, EPSS: 0.04544
Exploits: 0, References: 12, Affected Software: 2
Veracode
added 2019/05/02 5:3 a.m., 29 views

Cross-site Scripting (XSS)

OpenStack Dashboard (horizon) provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting (XSS) flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform...

CVSS: 4.3, AI score: 4.8, EPSS: 0.02053
Exploits: 2, References: 11, Affected Software: 1
Veracode
added 2019/05/02 4:45 a.m., 29 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a...

CVSS: 4.3, AI score: 7, EPSS: 0.06597
Exploits: 8, References: 17, Affected Software: 1
Veracode
added 2019/05/02 4:45 a.m., 35 views

Denial Of Service (DoS)

Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF (Extensible Record Format) capture files. If Wireshark opened a...

CVSS: 4.3, AI score: 7, EPSS: 0.06597
Exploits: 8, References: 20, Affected Software: 1
Kitploit
added 2019/04/30 9:49 p.m., 51 views

HostHunter - A Recon Tool For Discovering Hostnames Using OSINT Techniques

A tool to efficiently discover and extract hostnames over a large set of target IP addresses. HostHunter utilises simple OSINT techniques. It generates a CSV file containing the results of the reconnaissance. Taking screenshots was also added as a beta functionality. Demo Currently GitLab's marku...

AI score: 7.1
Exploits: 0, References: 1
Prion
added 2019/04/30 1:29 p.m., 15 views

Input validation

A missing permission check in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

CVSS: 4, AI score: 8.5, EPSS: 0.01832
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2019/04/25 8:29 p.m., 10 views

CVE-2018-14983

The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework i.e., systemserver with a package name of android versionCode=24, versionName=7.0 that has been modified by Sony or another entity in the supp...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00357
Exploits: 0, References: 2
FireEye
added 2019/04/25 9:0 a.m., 16 views

CARBANAK Week Part Four: The CARBANAK Desktop Video Player

Part One, Part Two and Part Three of CARBANAK Week are behind us. In this final blog post, we dive into one of the more interesting tools that is part of the CARBANAK toolset. The CARBANAK authors wrote their own video player and we happened to come across an interesting video capture from CARBAN...

Exploits: 0, References: 9
Fedora
added 2019/04/19 7:9 p.m., 51 views

[SECURITY] Fedora 29 Update: wireshark-3.0.1-1.fc29

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

CVSS: 7.5, AI score: 7.2, EPSS: 0.17697
Exploits: 19
CNVD
added 2019/04/19 12:0 a.m., 1 views

Overstepping Access Vulnerability in China Postal Express App

CPSE APP is a 24-hour courier self-service courier software. An override access vulnerability exists in China Post Express & Easy APP. The attacker obtains other users' information by grabbing packets and intercepting modifications...

AI score: 6.7
Exploits: 0
Prion
added 2019/04/18 5:29 p.m., 28 views

Cross site request forgery (csrf)

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

CVSS: 3.5, AI score: 7.6, EPSS: 0.01355
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2019/04/18 5:29 p.m., 29 views

CVE-2019-10300

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

CVSS: 8, AI score: 7.6, EPSS: 0.01355
Exploits: 0, References: 3
Prion
added 2019/04/18 5:29 p.m., 18 views

Input validation

A missing permission check in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another...

CVSS: 4, AI score: 8.4, EPSS: 0.01373
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/04/18 4:54 p.m., 45 views

CVE-2019-10300

A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing...

AI score: 7.6, EPSS: 0.01355
Exploits: 0, References: 3