CVE-2018-7337

In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs...

CVE-2017-12532

A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version PLAT 7.3 E0504 was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 E0506 or any subsequent version...

CVE-2017-12525

A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version PLAT 7.3 E0504 was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 E0506 or any subsequent version...

CVE-2017-12493

A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version PLAT 7.3 E0504 was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 E0506 or any subsequent version...

Remote code execution

A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version PLAT 7.3 E0504 was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 E0506 or any subsequent version...

Remote code execution

A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version PLAT 7.3 E0504 was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 E0506 or any subsequent version...

CVE-2017-12508

A Remote Code Execution vulnerability in HPE Intelligent Management Center iMC PLAT version PLAT 7.3 E0504 was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 E0506 or any subsequent version...

vfwstore.org XSS vulnerability

Open Bug Bounty ID: OBB-557984 Description| Value ---|--- Affected Website:| vfwstore.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Ubuntu: Security Advisory (USN-3558-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HubSpot: Reflected XSS and Server Side Template Injection in all HubSpot CMSes

Really I don't know why BugCrowd team closed my submission as N/A F337815 They mentioned that Not in Scope ?! So I reported it again in another submission But this Time I messaged the Security Company Directly and triaged and Fixed in 2 Days . Full Poc : I was found in this path /hcms/cta so this...

Fedora 27 : systemd (2017-6263c938c7)

Use infinite timeouts for passwords during boot when JobTimeoutSec=0 - Some tty utf8-mode fixes - Only send one auxillary fd set over dbus - Various network-manager crash and spurious assert fixes - Do not remount network filesystems ro during shutdown and unmount DM devices better - Fix...

hockeyvl.be XSS vulnerability

Open Bug Bounty ID: OBB-511441 Description| Value ---|--- Affected Website:| hockeyvl.be Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Release Notes for Veeam ONE 9.5 Update 3

Challenge Release Notes for Veeam ONE 9.5 Update 3 Cause Please confirm you are running Veeam ONE 9.5 prior to installing this update. You can check this under Help | About in Veeam ONE Monitor Client , the build number should be 9.5.0.3201 or 9.5.0.3254. After upgrading, your version build will ...

WebKitGTK+: Multiple vulnerabilities

Background WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. Description Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the...

eurosvet.ru XSS vulnerability

Open Bug Bounty ID: OBB-449152 Description| Value ---|--- Affected Website:| eurosvet.ru Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

Directory Traversal

hug is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of checks on the resolved directory...

systemd Network Name Resolution Manager NSEC Resource Record Pseudo-Types Denial of Service Vulnerability

This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of systemd Network Name Resolution Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NSEC resource records in...

tnftp - 'savefile' Arbitrary Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...

tnftp (savefile) Arbitrary Command Execution Exploit

This Metasploit module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the las...

tnftp "savefile" Arbitrary Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'tnftp "savefile" Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in tnftp's...