2165 matches found
Five Craft Nights - Base64 encoded String, Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Five Craft Nights published at the 'play' market has multiple vulnerabilities...
CVE-2016-0104
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."...
Linux Kernel prima WLAN Driver Heap Overflow
/ Coder: Shawn the R0ck, [email protected] Co-worker: Pray3r, [email protected] Compile: arm-linux-androideabi-gcc wextpoc.c --sysroot=$SYSROOT -pie ./a.out wlan0 Boom......shit happens as always;- / include include include include include include include include typedef unsigned char vU8t; defin...
CVE-2016-2037
The cpiosafernamesuffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service out-of-bounds write via a crafted cpio file...
m.crafttechsolutions.com Open Redirect vulnerability
Vulnerable URL: http://m.crafttechsolutions.com/?task=get=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pageran...
CVE-2015-8333
The CVE-2015-8333 issue affects Huawei VCN500: the Operation and Maintenance Unit (OMU) before V100R002C00SPC200 allows remote authenticated users to change the media server IP address via crafted packets due to improper user privileges. The Huawei security advisory HWPSIRT-2015-07045 notes this ...
wiki.industrial-craft.net XSS vulnerability
Vulnerable URL: http://wiki.industrial-craft.net/thumb.php?f=xssposed%23%3Cbody%09onload=confirm%28String.fromCharCode%2888,83,83,80,79,83,69,68%29%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 11:16 GMT Vulnerability type:| XSS...
Apple Safari WebKit Memory Corruption Arbitrary Code Execution Vulnerability (CNVD-2015-08092)
Apple Safari is a WEB browser developed by Apple. An unspecified memory corruption arbitrary code execution vulnerability exists in Apple Safari WebKit, which allows remote attackers to construct a malicious web page and trick users into parsing it, which could crash the application or execute...
CVE-2008-4410
The vmiwriteldtentry function in arch/x86/kernel/vmi32.c in the Virtual Machine Interface VMI in the Linux kernel 2.6.26.5 invokes writeidtentry where writeldtentry was intended, which allows local users to cause a denial of service persistent application failure via crafted function calls, relat...
Apple QuickTime Memory Corruption Vulnerability (CNVD-2015-04262)
Apple QuickTime is a popular multimedia player. A vulnerability in Apple QuickTime's handling of special movie files allows remote attackers to construct malicious files that can be tricked into being parsed by an application, which can execute arbitrary code in the application context...
Apple QuickTime Memory Corruption Vulnerability (CNVD-2015-04259)
Apple QuickTime is a popular multimedia player. A vulnerability in Apple QuickTime's handling of special movie files allows remote attackers to construct malicious files that can be tricked into being parsed by an application, which can execute arbitrary code in the application context...
Adobe Flash Player ASLR Security Protection Bypass Vulnerability
Adobe Flash Player is a Flash file handling program. Adobe Flash Player suffers from an ASLR security protection bypass that allows remote attackers to construct malicious SWF content and trick users into parsing it, which can be used to bypass restrictions and perform malicious actions...
Libmimedir VCF Memory Corruption PoC
Libmimedir suffers from a memory corruption vulnerability. Adding two NULL bytes to the end of a VCF file allows a user to manipulate free calls which occur during it's lexer's memory clean-up procedure. This could lead to exploitable conditions such as crafting a specific memory chunk to allow f...
Microsoft Internet Explorer MHTML Content Blocks Information Disclosure - Ver2 (CVE-2011-0096)
MHTML MIME Encapsulation of Aggregate HTML is an Internet standard that defines the MIME structure that is used to wrap HTML content. An information disclosure vulnerability has been reported in Microsoft Windows MHTML protocol. The vulnerability is due to the way MHTML interprets MIME-formatted...
Microsoft Internet Explorer Clipboard Information Disclosure (MS15-043: CVE-2015-1692)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer, The vulnerability is due to an improper restriction of access to the clipboard of a user who visits a website. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page...
Microsoft Outlook Web Access Modified Canary Parameter Cross Site Scripting (MS15-026; CVE-2015-1628)
An elevation of privilege vulnerability exists in Microsoft Exchange Server. The vulnerability is caused when Microsoft Exchange Server does not properly sanitize page content in Outlook Web App. A remote attacker can exploit this issue by enticing a victim to open a specially crafted URL...
Webshop hun SQL Injection Vulnerability
Webshop hun is a WEB-based application. Webshop hun suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
grep: denial of service
The bmexectrans function in kwset.c allows local users to cause a denial of service out-of-bounds heap read and crash via crafted input when using the -F option. grep's read buffer is often filled to its full size, except when reading the final buffer of a file. In that case, the number of bytes...
CVE-2015-0882
Multiple cross-site scripting XSS vulnerabilities in zencart-ja aka Zen Cart Japanese edition 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/initincludes/initsanitize.php and...
Ubuntu: Security Advisory (USN-2507-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...