8202 matches found

UbuntuCve
added 2017/11/17 4:29 a.m., 16 views

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3, AI score 6.8, EPSS 0.00905
Exploits: 0, References: 2

PyPA
added 2017/11/17 4:29 a.m., 4 views

PYSEC-2017-26

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3, AI score 6.9, EPSS 0.00905
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2017/11/17 4:29 a.m., 1 view

UBUNTU-CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3, AI score 6.7, EPSS 0.00905
Exploits: 0, References: 3

OSV
added 2017/11/17 4:29 a.m., 3 views

DEBIAN-CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3, AI score 7.7, EPSS 0.00905
Exploits: 0, References: 1

NVD
added 2017/11/17 4:29 a.m., 23 views

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3, AI score 5.2, EPSS 0.00905
Exploits: 0, References: 1

0day.today
added 2017/11/15 12:0 a.m., 69 views

PSFTPd Windows FTP Server 10.0.4 Build 729 - Log Injection / Use-After-Free Vulnerability

Exploit for Windows platform in category dos / poc. Multiple Vulnerabilities in PSFTPd Windows FTP Server. Overview: Confirmed Affected Versions: 10.0.4 Build 729. Confirmed Patched Versions: None. Vendor: Sergei Pleis Softwareentwicklung...

CVSS 5, AI score 4.9, EPSS 0.08742
Exploits: 4

0day.today
added 2017/11/15 12:0 a.m., 33 views

Anti-Virus Privileged File Write Vulnerability

Anti-Virus solutions are split into several different components: an unprivileged user mode part, a privileged user mode part and a kernel component. Logically the different systems talk to each other. By abusing NTFS directory junctions it is possible from the unprivileged user mode part "the UI"...

AI score 6.7
Exploits: 0

Exploit DB
added 2017/11/01 12:0 a.m., 30 views

Ingenious School Management System 2.3.0 - 'friend_index' SQL injection

Exploit Title: Ingenious School Management System 2.3.0 - SQL injection Date: 01.11.2017 Vendor Homepage: http://iloveprograming.com/ Software Link: https://www.codester.com/items/4945/ingenious-school-management-system Demo: http://iloveprograming.com/view/login.php Version: 2.3.0 Category:...

AI score 7.4
Exploits: 0

CNVD
added 2017/10/30 12:0 a.m., 1 view

Google Chrome Information Disclosure Vulnerability (CNVD-2017-33593)

Google Chrome is a web browser developed by the American company Google for the Linux, Windows, Mac and Android platforms. An information disclosure vulnerability exists in Google Chrome for Mac, Windows, and Linux platforms. A remote attacker can extract pixel values...

CVSS 5.3, AI score 6.1, EPSS 0.01652
Exploits: 0, References: 1

exploitpack
added 2017/10/28 12:0 a.m., 20 views

Uniview - Remote Command Execution Export Config (PoC)

Uniview - Remote Command Execution Export Config PoC STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config...

AI score 0.2
Exploits: 0

OSV
added 2017/10/27 5:29 a.m., 1 view

CVE-2017-5113

Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS 8.8, AI score 7.3, EPSS 0.01302
Exploits: 0, References: 7

CNVD
added 2017/10/27 12:0 a.m., 3 views

Redmine cross-site scripting vulnerability (CNVD-2017-31955)

Redmine is a set of open source Web-based project management and defect tracking tools. The tool provides project management, issue tracking and role-based access control and other features. A cross-site scripting vulnerability exists in Redmine versions prior to 3.2.6 and 3.3.x prior to 3.3.3...

CVSS 6.1, AI score 6, EPSS 0.01125
Exploits: 0, References: 1

Malwarebytes
added 2017/10/24 11:8 p.m., 127 views

BadRabbit: a closer look at the new version of Petya/NotPetya

Petya/NotPetya, aka EternalPetya, made headlines in June, due to its massive attack on Ukraine. Today, we noted an outbreak of a similar-looking malware, called BadRabbit, probably prepared by the same authors. Just like the previous edition, BadRabbit has an infector allowing for lateral...

AI score 7
Exploits: 0

Hacker One
added 2017/10/24 9:25 p.m., 24 views

X (Formerly Twitter): OS Command Execution on User's PC via CSV Injection

Summary: Twitter is vulnerable to CSV Injection. If an attacker can successfully exploit this, then they will compromise the PC of the user. The injection point is via a tweet on the main twitter.com site while the retrieval point is via the “Export Data” option on the analytics site. Description...

AI score 7.9
Exploits: 0

RubySec
added 2017/10/24 12:0 a.m., 24 views

Incorrect handling of initialization vector in the GCM mode in OpenSSL

The openssl gem for Ruby uses the same initialization vector (IV) in GCM mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...

CVSS 7.5, AI score 4.3, EPSS 0.03167
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2017/10/19 5:29 p.m., 13 views

Buffer overflow

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: PMS. Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality...

CVSS 3.6, AI score 4, EPSS 0.00392
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2017/10/19 5:29 p.m., 14 views

Buffer overflow

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: WebConnect. Supported versions that are affected are 8.10.1 and 8.10.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 4.3, AI score 4.8, EPSS 0.01494
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2017/10/19 5:29 p.m., 20 views

CVE-2017-10037

Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware subcomponent: Web Service API. Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI...

CVSS 7.5, AI score 6.7, EPSS 0.02603
Exploits: 0, References: 3

Debian CVE
added 2017/10/19 5:0 p.m., 34 views

CVE-2017-10268

Removed by vendor...

CVSS 4.1, AI score 7.5, EPSS 0.00702
Exploits: 0

OSV
added 2017/10/18 2:29 a.m., 1 view

DEBIAN-CVE-2017-15574

In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment...

CVSS 6.1, AI score 6.3, EPSS 0.01135
Exploits: 0, References: 1