Lucene search

8202 matches found

Openbugbounty
added 2017/03/16 11:45 a.m. | 16 views

spessart-therme.de XSS vulnerability

Vulnerable URL: https://www.spessart-therme.de/suchergebnis.html?txindexedsearchsword=%22%3Etrolo%3Ci%3Etralala%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E

Details: Patched: No | Latest check for patch: 28.07.2017 | Vulnerability type: XSS | Vulnerability status:...

AI score: 6.3 | Exploits: 0

CNVD
added 2017/03/16 12:00 a.m. | 1 view

Mozilla Firefox Buffer Overflow Read Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. Mozilla Firefox suffers from a buffer overflow read vulnerability that could allow an attacker to read a buffer overflow...

CVSS: 7.5 | AI score: 8.9 | EPSS: 0.04578 | Exploits: 0 | References: 1

NVD
added 2017/03/15 3:59 p.m. | 16 views

CVE-2016-10166

Integer underflow in the gdContributionsAlloc function in gdinterpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.10687 | Exploits: 0 | References: 8

OSV
added 2017/03/15 2:59 p.m. | 2 views

DEBIAN-CVE-2017-6317

Memory leak in the addshaderprogram function in vrendrenderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00361 | Exploits: 0 | References: 1

Microsoft CVE
added 2017/03/14 7:00 a.m. | 52 views

Windows Graphics Component Remote Code Execution Vulnerability

A remote code execution vulnerability exists due to the way the Windows Graphics Component handles objects in memory. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or creat...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.5047 | Exploits: 1

Exploit DB
added 2017/03/14 12:00 a.m. | 34 views

APNGDis 2.8 - 'filename' Stack Buffer Overflow (PoC)

Exploit Title: APNGDis filename Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8 Tested on: Linux Debian / Windows 7 CVE : CVE-2017-6191 Additional...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.06682 | Exploits: 5

Fedora
added 2017/03/13 11:52 p.m. | 22 views

[SECURITY] Fedora 24 Update: libwmf-0.2.8.4-50.fc24

A library for reading and converting Windows MetaFile vector graphics (WMF)...

CVSS: 9.8 | AI score: 2.6 | EPSS: 0.10687 | Exploits: 0

Prion
added 2017/03/13 6:59 a.m. | 24 views

Cross site scripting

An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00671 | Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/03/10 10:59 a.m. | 24 views

CVE-2017-6506

In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.11696 | Exploits: 5 | References: 3

Cvelist
added 2017/03/10 10:29 a.m. | 29 views

CVE-2017-6506

In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string...

AI score: 9.9 | EPSS: 0.11696 | Exploits: 5 | References: 3

Prion
added 2017/03/09 7:59 p.m. | 10 views

Cross site scripting

EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00683 | Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2017/03/03 3:59 p.m. | 9 views

CVE-2017-5836

The plistfreedata function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLISTKEY and then triggers an invalid free...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.02657 | Exploits: 0 | References: 4

Packet Storm
added 2017/03/03 12:00 a.m. | 51 views

WordPress VaultPress 1.8.4 Remote Code Execution / Man-In-The-Middle

VaultPress - Remote Code Execution via Man in The Middle attack. David Vaartjes, July 2016...

AI score: 0.5 | Exploits: 0

CNVD
added 2017/03/03 12:00 a.m. | 3 views

Atheme IRC Services Denial of Service Vulnerability

Atheme IRC Services is a portable and secure IRC service set that runs on many IRCs. A denial of service vulnerability exists in Atheme IRC Services. An attacker can exploit the vulnerability to launch a denial of service attack...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.01959 | Exploits: 0 | References: 1

ThreatPost
added 2017/03/02 1:03 p.m. | 14 views

132 Google Play Apps Booted For Having Malicious IFrames

Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected...

AI score: 7.1 | Exploits: 0 | References: 3

0day.today
added 2017/03/02 12:00 a.m. | 92 views

X.org Privilege Escalation / Use-After-Free / Weak Entropy Vulnerabilities

Exploit for windows platform in category local exploits. Multiple Vulnerabilities in X.org. Overview: Vendor: X.org/Freedesktop.org | Vendor URL: https://www.x.org/wiki/ | Credit: X41 D-Sec GmbH, Eric Sesterhenn | Advisory-URL:...

AI score: 6.3 | EPSS: 0.00675 | Exploits: 4

OSV
added 2017/03/01 8:59 p.m. | 2 views

CVE-2016-6485

The construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00846 | Exploits: 0 | References: 3

NVD
added 2017/03/01 3:59 p.m. | 9 views

CVE-2016-9820

libavcodec/mpegvideomotion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00936 | Exploits: 1 | References: 2

Cvelist
added 2017/02/28 6:00 p.m. | 18 views

CVE-2017-5885

Multiple integer overflows in the (1) vncconnectionservermessage and (2) vnccolormapset functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow...

AI score: 9.8 | EPSS: 0.04985 | Exploits: 1 | References: 7

OSV
added 2017/02/27 10:59 p.m. | 2 views

DEBIAN-CVE-2016-5240

The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.02195 | Exploits: 0 | References: 1