1575 matches found
Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow
Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow Exploit Title: Socusoft Photo 2 Video Converter v8.0.0 Local Buffer Overflow Free and Professional variants Date: 01/12/2017 Exploit Author: Jason Magic ret2eax Vendor Homepage: www.socusoft.com Version: 8.0.0 Tested on: Windows Serve...
[SECURITY] Fedora 27 Update: python-werkzeug-0.12.2-1.fc27
Werkzeug =3D=3D=3D=3D=3D=3D=3D=3D Werkzeug started as simple collection of various utilities for WSGI applications and has become one of the most advanced WSGI utility modules. It includes a powerful debugger, full featured request and response objects, HTTP utilities to handle entity tags, cache...
FreeBSD -- Kernel data leak via ptrace(PT_LWPINFO)
Problem Description: Not all information in the struct ptracelwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of informatio...
[SECURITY] Fedora 26 Update: seamonkey-2.49.1-1.fc26
SeaMonkey is an all-in-one Internet application suite. It includes a browser, mail/news client, IRC client, JavaScript debugger, and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite...
Pallets Flask Pallets Werkzeug Cross Site Scripting Vulnerability
Pallets Flask is a Python-based web application development tool from the Pallets project.Pallets Werkzeug is one of the WSGI toolkits. A cross-site scripting vulnerability exists in the 'renderfull' function of the debug/tbtools.py file of the debugger for Pallets Flask and other products used i...
Cross site scripting
Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...
DEBIAN-CVE-2016-10516
Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...
CVE-2016-10516
Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...
CVE-2016-10516
Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...
CVE-2016-10516
Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...
CVE-2016-10516
Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...
CVE-2016-10516
Affected software: Pallets Werkzeug (Python library) used by Flask. Vulnerable path: render_full in debug/tbtools.py. Root cause: improper validation of user-supplied input via an exception message, enabling cross-site scripting (XSS). Impact: remote attacker could inject arbitrary script into a ...
CVE-2016-10516
Cross-site scripting XSS vulnerability in the renderfull function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 as used in Pallets Flask and other products allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...
Infogram: Stored Cross-Site scripting in the infographics using links
Description Hello. I discovered, that it is possible to conduct Stored XSS attack in the public infographics pages. Upon pasting the link, we can intercept the request, and change the link source to the malicious - which will result to the Stored XSS POC...
NET Debugger & Assembly Editor: dnSpy
dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor and more and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies eg. malware without crashing...
CVE-2017-14770
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process...
CVE-2017-14773
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker...
CVE-2017-14770
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process...
CVE-2017-14773
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. The vulnerability can only be exploited by a local authenticated attacker...
Information disclosure
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process...