CVE-2017-18647

An issue was discovered on Samsung mobile devices with M6,x and N7.0 software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 November 2017...

Code injection

An issue was discovered on Samsung mobile devices with N7.x software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, aka the "SamFAIL" issue. The Samsung ID is SVE-2017-10465 November 2017...

Race condition

An issue was discovered on Samsung mobile devices with M6,x and N7.0 software. The TA Scrypto v1.0 implementation in Secure Driver has a race condition with a resultant buffer overflow. The Samsung IDs are SVE-2017-8973, SVE-2017-8974, and SVE-2017-8975 November 2017...

UBUNTU-CVE-2017-5731

Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access...

November 2, 2017—KB4049370 (OS Build 15063.675)

November 2, 2017—KB4049370 OS Build 15063.675 Improvements and fixes This release is intended for Microsoft Surface Laptop audiences only. This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where...

Charles Proxy 4.2 Local Root Privilege Escalation

Charles Proxy is a great mac application for debugging web services and inspecting SSL traffic for any application on your machine. In order to inspect the SSL traffic it needs to configure the system to use a proxy so that it can capture the packets and use its custom root CA to decode the SSL...

Buffer Overflow Vulnerability in Multiple WECON Products

WECON LeviStudio HMI Editor and PI Studio HMI Project Programmer are both HMI programming software from WECON Technologies, China. A buffer overflow vulnerability exists in WECON LeviStudio HMI Editor and PI Studio HMI Project Programmer versions prior to November 11, 2017 . A remote attacker can...

Geovision Inc. IP Camera & Video - Remote Command Execution Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all...

Geovision Inc. IP Camera & Video - Remote Command Execution

!/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all settings of remote IPC with Login/Passwd in cleartext Using: -...

Fixed in Apache Tomcat Native Connector 1.2.16

Note: The issue below was fixed in Apache Tomcat Native Connector 1.2.15 but the release vote for the 1.2.15 release candidate did not pass. Therefore, although users must download 1.2.16 to obtain a version that includes the fix for this issue, version 1.2.15 is not included in the list of...

CVE-2017-17631

creationtimestamp| type| source ---|---|--- 2017-12-11 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43299...

runnersworld.co.za XSS vulnerability

Open Bug Bounty ID: OBB-444646 Description| Value ---|--- Affected Website:| runnersworld.co.za Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Chea...

faq.dokom.net XSS vulnerability

Open Bug Bounty ID: OBB-444306 Description| Value ---|--- Affected Website:| faq.dokom.net Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...

desibombs.com XSS vulnerability

Open Bug Bounty ID: OBB-442292 Description| Value ---|--- Affected Website:| desibombs.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat She...

search-il.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-440394 Description| Value ---|--- Affected Website:| search-il.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat Sheet Vulnerab...

torrentdownload.unblocked.pl XSS vulnerability

Vulnerable URL: https://torrentdownload.unblocked.pl/search?q=%3Cimg%20src=x%20onerror=alert%27openbugbounty%27%3E\n Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| N...

karriereservice.de XSS vulnerability

Open Bug Bounty ID: OBB-440121 Description| Value ---|--- Affected Website:| karriereservice.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

mudcat.org XSS vulnerability

Open Bug Bounty ID: OBB-439924 Description| Value ---|--- Affected Website:| mudcat.org Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

CVE-2017-11870

creationtimestamp| type| source ---|---|--- 2017-11-27 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43182...

CVE-2017-16953

creationtimestamp| type| source ---|---|--- 2017-11-27 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43188...