
6092 matches found

Positive Technologies
added 2017/05/24 12:0 a.m. · 3 views

PT-2017-18793 · Systemd +2 · Systemd-Resolved +2

Name of the Vulnerable Software and Affected Versions: systemd-resolved versions through 233
Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a crafted DNS response with an empty question section.
Recommendations: For versions through...

CVSS 10 · AI score 6.5 · EPSS 0.55116
Exploits 1 · References 53

OSV
added 2017/05/23 4:29 a.m. · 0 views

DEBIAN-CVE-2017-9208

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1...

CVSS 5.5 · AI score 6.7 · EPSS 0.01323
Exploits 0 · References 1

OSV
added 2017/05/23 4:29 a.m. · 2 views

ALPINE-CVE-2017-9208

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1...

CVSS 5.5 · AI score 6.7 · EPSS 0.01323
Exploits 0 · References 1

Hacker One
added 2017/05/20 1:56 p.m. · 32 views

WordPress: [mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection

Hi, By injecting a crafted AngularJS payload into the search endpoint on the WordPress Swag Store, it was possible to achieve reflected XSS further to resolved report 221893. I came across a potential exploitation vector after noticing that a search query for 22 returned 4 in the site title...

AI score 0.5
Exploits 0

Openbugbounty
added 2017/04/20 3:47 p.m. · 8 views

webmuseum.mit.edu XSS vulnerability

Vulnerable URL: https://webmuseum.mit.edu/results.php?module=%27%22%3E%3Cimg%20src=x%20onerror=alert/OPENBUGBOUNTY/%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 28.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not...

AI score 6.3
Exploits 0

Openbugbounty
added 2017/04/01 12:11 p.m. · 10 views

schaltbau.com XSS vulnerability

Open Bug Bounty ID: OBB-222477

Description | Value
---|---
Affected Website: | schaltbau.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score 6.2
Exploits 0

OSV
added 2017/03/14 2:3 p.m. · 7 views

OPENSUSE-SU-2017:0687-1 Security update for MozillaThunderbird

This update to Mozilla Thunderbird 45.8.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-07 were fixed. boo1028391 In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially...

CVSS 10 · AI score 8.6 · EPSS 0.17484
Exploits 8 · References 10

Hacker One
added 2017/03/12 4:32 a.m. · 13 views

Rockstar Games: XSS on rockstargames.com

Vulnerability description not provided...

AI score 7.1
Exploits 0

Hacker One
added 2017/02/07 3:12 p.m. · 29 views

Informatica: [informatica.com]- Information Disclosure

Researcher has identified and reported an information disclosure vulnerability in Informatica's website and helped us in resolving the issue...

AI score 0.5
Exploits 0

OSV
added 2017/02/01 5:54 p.m. · 12 views

OPENSUSE-SU-2017:0357-1 Security update for MozillaThunderbird

This update to Mozilla Thunderbird 45.7.0 fixes security issues and bugs. The following security issues from advisory MFSA 2017-03 were fixed boo1021991 In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but are potentially...

CVSS 9.8 · AI score 8.5 · EPSS 0.33434
Exploits 15 · References 17

Hacker One
added 2017/01/21 12:12 p.m. · 19 views

Uber: SMS URL verification link does not expire on phone number change and lacks rate limiting

When verifying your phone number attached to your Uber account, it was possible to re-use an old verification URL to validate a new cell phone number. In addition to this, there was no rate limiting on the SMS verification which allowed for it to be easily brute-forced. The internal team resolved...

AI score 1.4
Exploits 0

Veeam
added 2017/01/20 1:30 p.m. · 20 views

Release Notes for Veeam ONE 9.5 Update 1

Challenge: Release Notes for Veeam ONE 9.5 Update 1
Cause: Please confirm you are running Veeam ONE 9.5 prior to installing this update. You can check this under Help | About in Veeam ONE Monitor Client; the build number should be 9.5.0.xxx. After upgrading, your version build will be 9.5.0.3254...

AI score 6.5
Exploits 0

Microsoft KB
added 2017/01/07 8:53 p.m. · 55 views

Description of the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: November 2010

Describes the bugs that are resolved in the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit that is dated November 2010.
Summary: This article describes the issue that is fixed in the cumulative update for Office Communications...

AI score 0.2
Exploits 0

Hacker One
added 2017/01/03 8:22 p.m. · 23 views

Internet Bug Bounty: Crash (DoS) when parsing a hostile TIFF

The issue was reported and resolved by PHP's security team: Ticket 73737: https://bugs.php.net/bug.php?id=73737 Git Commit: http://git.php.net/?p=php-src.git;a=commit;h=1cda0d7c2ffb62d8331c64e703131d9cabdc03ea The EXIF module in all PHP versions 5.6.9 and below, 7.1.0 and below is vulnerable to a...

AI score 6.9
Exploits 0

OSV
added 2016/12/10 6:18 p.m. · 13 views

SUSE-SU-2016:3079-1 Security update for tomcat

This update for Tomcat provides the following fixes:

Feature changes: The embedded Apache Commons DBCP component was updated to version 2.0. bsc1010893 fate321029

Security fixes:
- CVE-2016-0762: Realm Timing Attack bsc1007854
- CVE-2016-5018: Security Manager Bypass bsc1007855
- CVE-2016-6794:...

CVSS 9.8 · AI score 7.6 · EPSS 0.90338
Exploits 11 · References 19

Openbugbounty
added 2016/11/12 6:31 a.m. · 13 views

search.visaliatimesdelta.com Open Redirect vulnerability

Vulnerable URL: http://search.visaliatimesdelta.com/sp?sId=0=215468=41931=34=https%3A%2F%2Fwww.openbugbounty.org=112

Details:

Description | Value
---|---
Patched: | Yes, at 08.12.2016
Latest check for patch: | 08.12.2016 16:18 GMT
Vulnerability type: | Open Redirect
Vulnerability status: | Publicly...

AI score 6.8
Exploits 0

Hacker One
added 2016/10/14 4:18 p.m. · 19 views

Brave Software: Address Bar Spoofing - Already resolved - Retroactive report

Summary: All details were provided in the original report. You can read it here. I'm reporting it here because I asked bcrypt if I should do it and he told me this: F127893. As she told me, I'm reporting here and indicating it's for a retroactive reward. If any identity confirmation or link between...

AI score 2.1
Exploits 0

OSV
added 2016/09/20 2:55 p.m. · 6 views

SUSE-SU-2016:2343-1 Security update for mysql

This mysql update to version 5.5.52 fixes the following issues:

Security issues fixed:
- CVE-2016-3477: Fixed unspecified vulnerability in subcomponent parser bsc989913.
- CVE-2016-3521: Fixed unspecified vulnerability in subcomponent types bsc989919.
- CVE-2016-3615: Fixed unspecified vulnerabili...

CVSS 10 · AI score 7.1 · EPSS 0.6773
Exploits 16 · References 13

Hacker One
added 2016/08/28 5:11 a.m. · 22 views

Slack: Snooping into messages via email service

@uranium238 discovered a vulnerability with a 3rd party email integration provider which would allow messages in Slack email integrations to be leaked. We worked with the 3rd party to get this issue resolved, and performed a thorough investigation to confirm that this had never been exploited...

AI score 0.7
Exploits 0

OSV
added 2016/08/09 11:24 a.m. · 9 views

SUSE-SU-2016:2000-1 Security update for Linux Kernel Live Patch 4 for SLE 12 SP1

This update for the Linux Kernel 3.12.57-6035 fixes several issues.

These security issues were fixed:
- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a...

CVSS 8.4 · AI score 7.5 · EPSS 0.01393
Exploits 4 · References 14