Fedora 28 : systemd (2018-24bd6c9d4a)

Fix a local vulnerability from a race condition in chown-recursive CVE-2018-15687, 1643367 - Fix a local vulnerability from invalid handling of long lines in state deserialization CVE-2018-15686, 1643372 - Fix a remote vulnerability in DHCPv6 in systemd-networkd CVE-2018-15688, 1643362 -...

On premise user enumeration

On premise enumeration of valid exchange users //usr/bin/env go run "$0" "$@"; exit "$?" package main import "crypto/tls" "metasploit/module" "msmail" "net/http" "sort" "strconv" "sync" "time" func main metadata := &module.Metadata Name: "On premise user enumeration", Description: "On premise...

openSUSE Security Update : haproxy (openSUSE-2018-1229)

This update for haproxy to version 1.8.14 fixes the following issues : These security issues were fixed : - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpackvalididx that resulted in a remote crash and denial of service bsc1108683 -...

Security update for haproxy (important)

This update for haproxy to version 1.8.14 fixes the following issues: These security issues were fixed: - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpackvalididx that resulted in a remote crash and denial of service bsc1108683 - CVE-2018-11469...

Nameles - Open Source Entropy Based Invalid Traffic Detection And Pre-Bid Filtering

Nameles provides an easy to deploy, scalable IVT detection and filtering solution that is proven to detect at a high level of accuracy ad fraud and other types of invalid traffic such as web scraping. For a high level overview you might want to check out the website If you have any questions or...

[SECURITY] Fedora 27 Update: nspr-4.20.0-1.fc27

NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...

[SECURITY] Fedora 28 Update: nspr-4.20.0-1.fc28

NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...

QEMU Denial of Service Vulnerability (CNVD-2018-17099)

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in the qemu-seccomp.c file in QEMU, which stems from the program incorrectly handling the seccomp policy for...

UBUNTU-CVE-2018-15746

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service guest crash by leveraging mishandling of the seccomp policy for threads other than the main thread...

OracleVM 3.4 : xen (OVMSA-2018-0251) (Foreshadow)

The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: xen commit=18ec2b68e519646188fd26a05b2cd26ebd829035 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional...

OracleVM 3.4 : xen (OVMSA-2018-0246) (Foreshadow)

The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=02cec92b3eb1612e37616b10400d82f1e3d8de85 - BUILDINFO: QEMU upstream...

Samsung SmartThings Hub video-core database shard code execution vulnerabilities(CVE-2018-3912 - CVE-2018-3917)

Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer...

Photon - Incredibly Fast Crawler Which Extracts Urls, Emails, Files, Website Accounts And Much More

Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. Yep, you can use 100 threads and Photon won't complain about it because its in Ninja Mode. Why Photon? Not Your Regular Crawler Crawlers are supposed to recursively extract links right? Well that's...

MyBB New Threads Plugin Cross-Site Scripting Vulnerability

MyBB aka MyBulletinBoard is a free and web-based forum software developed by the MyBB team using PHP and MySQL.New Threads plugin is used in one of the theme plugin. A cross-site scripting vulnerability exists in MyBB New Threads plugin versions prior to 1.2. A remote attacker can exploit this...

[SECURITY] Fedora 27 Update: uwsgi-2.0.17.1-1.fc27

uWSGI is a fast pure C, self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...

Cross site scripting

The New Threads plugin before 1.2 for MyBB has XSS...

CVE-2018-14392

The New Threads plugin before 1.2 for MyBB has XSS...

CVE-2018-14392

The New Threads plugin before 1.2 for MyBB has XSS...

CVE-2018-14392

CVE-2018-14392 corresponds to an XSS vulnerability in the MyBB New Threads plugin (pre-1.2). Affected product/component: MyBB, New Threads plugin for MyBB (PHP/MySQL). Root cause: the thread titles are not properly sanitized, enabling cross‑site scripting. Impact: arbitrary script execution when ...

MyBB New Threads Plugin 1.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB New Threads Plugin - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 Version: 1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-14392 ...