SquirrelMail Cross-Site Scripting Vulnerability (CNVD-2018-17525)

SquirrelMail is a cross-platform use of PHP4 development Webmail mail system . A cross-site scripting vulnerability exists in the email message display page in SquirrelMail 1.4.22 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CVE-2018-14950

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "a xlink:href=" attack...

CVE-2018-14954

The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute...

SUSE-SU-2018:1507-1 Security update for zziplib

This update for zziplib fixes the following issues: Security issue fixed: - CVE-2018-6542: Reject file if the size of the central directory is too big and display an error message bsc1079094...

CVE-2016-4740

Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors...

douphp /cache 目录物理路径泄漏

漏洞分析 漏洞文件 cache目录下的所有文件 如：admin/backup.htm.php php tplvars'lang''home'; ?//会引起报错 2. 漏洞利用 直接访问 http://www.douco.com/cache/admin/backup.htm.php 然后查看网页源码，泄漏物理路径 3. 漏洞修复 关闭错误信息显示...

cumin: multiple XSS flaws

Multiple cross-site scripting XSS vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 "error message displays" or 2 "in source HTML on...

BlackHole RAT : Mac OS X backdoor Trojan !

'BlackHole' is the latest remote administration tool RAT and is available both in Windows and Mac. Hacktool such RAT employs client-server program that communicates to its victim's machine through its trojan server. The server application is installed on the victim while the client application is...

Mtp-target online game format string bug

Format string bug suring message displying...