5098 matches found
EvilOSX
EvilOSX: An evil RAT (Remote Administration Tool) for macOS...
UBUNTU-CVE-2017-15395
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference...
File Upload Vulnerability in Longcai MX
Longcai MX is a marketing website that caters to consumer needs and buying desires. A file upload vulnerability exists in Longcai MX, where an attacker can construct an upload form to upload a file, and at the same time grab packets to modify the file suffix to further gain control of the web serv...
Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3544-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3544-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
Ubuntu: Security Advisory (USN-3544-1)
The remote host is missing an update for the...
FreeBSD : mozilla -- multiple vulnerabilities (a891c5b4-3d7a-4de9-9c71-eef3fd698c77)
Mozilla Foundation reports: CVE-2018-5091: Use-after-free with DTMF timers; CVE-2018-5092: Use-after-free in Web Workers; CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing; CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on uninitialized memory...
Mozilla Firefox Security Advisories (MFSA2018-02, MFSA2018-03) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities...
CVE-2018-5109
An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This...
UBUNTU-CVE-2018-5109
An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This...
Security vulnerabilities fixed in Firefox 58 — Mozilla
A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main...
Shanghai Jumo Information Technology Co., Ltd. Radish Borrowing APP has an information leakage vulnerability
Radish Borrowing APP is a fast installment small-loan application. The Radish Borrowing APP from Shanghai Jumo Information Technology Co. has an information leakage vulnerability. Attackers can register any account and reset any password by grabbing packets to get the verification code...
Meal Chain App Has Multiple Vulnerabilities
Meal Chain APP is an ingredient sourcing platform focusing on the restaurant industry. There are arbitrary user registration and arbitrary password reset vulnerabilities in Meal Chain APP. An attacker can register any account and reset any password by capturing the verification code...
Hangzhou Hechat Technology Co., Ltd. and Hechat APP suffers from arbitrary number registration and arbitrary password reset vulnerability
Wochat App is business social networking software. Ltd. and Chat APP has an arbitrary number registration and arbitrary password reset vulnerability. The vulnerability is due to the lack of restrictions on verification code verification; an attacker can register any account and reset any password b...
Network Infrastructure Penetration Testing: SPARTA
SPARTA is a Python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenien...
Xplico Arbitrary Command Execution Vulnerability
Xplico is an open source network forensic analysis tool. A security vulnerability exists in versions of Xplico prior to 1.2.1. A remote attacker can exploit this vulnerability to execute arbitrary commands with the help of shell metacharacters in the name of an uploaded PCAP file...
Logic design loopholes in Wuhan Xinhongbo practice teaching management platform
Practice Teaching Management Platform is a comprehensive management platform integrating many functions such as resource construction, teaching practice, top practice, graduation design and experimental teaching counseling. Wuhan Xinhongbo Practice Teaching Management Platform has a logical desig...
DNS Traffic Capture: DNSCAP
dnscap is a network capture utility designed specifically for DNS traffic. It produces binary data in pcap(3) and other formats. This utility is similar to tcpdump(1), but has a number of features tailored to DNS transactions and protocol options. DNS-OARC uses dnscap for DITL data collections. Some o...
Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability
Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code (CVE-2016-9445, CVE-2016-9446). Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code (CVE-2016-9447...
Two Sides App has an override access vulnerability
Two Sides APP is an emotional, psychological and fun social software launched by Beijing Two Sides Network Technology Co. The Android version of Two Sides APP 3.0.28 has an override access vulnerability: after logging in to the system, an attacker can log in to other users' systems and perform...
Hefei Yingyun Information Technology Co., Ltd. Ordering Good APP has a verification code leakage vulnerability
OrderGood APP is an omni-channel ordering and distribution platform app. There is a verification code leakage vulnerability in the Ordering Good APP of Hefei Yingyun Information Technology Co. Attackers can log into other user accounts by grabbing packets to get the verification code...