RoundCube Webmail Cross-Site Scripting Vulnerability (CNVD-2016-02711)

RoundCube Webmail is a browser-based IMAP client mail client. A cross-site scripting vulnerability exists in RoundCube Webmail, which can be exploited to inject arbitrary web script or HTML with the help of specially crafted Svg image files...

PT-2017-8454

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.0.9 Roundcube Webmail versions 1.1.x prior to 1.1.5 Description A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via a crafted SVG. Recommendations For versio...

Buffer overflow

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment...

CVE-2016-0651

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer...

CVE-2016-0641

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM...

CVE-2016-0658

Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer...

CVE-2016-2103

Multiple cross-site scripting XSS vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via 1 the list1680466951oldfilterval parameter to systems/PhysicalList.do or 2 unspecified vectors involving systems/VirtualSystemsList.do...

Fedora Update for webkitgtk FEDORA-2016-9

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2016-1033

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-1012,...

Hexchat IRC Client 2.11.0 - Directory Traversal

Hexchat IRC Client 2.11.0 - Directory Traversal !/usr/bin/python Meta information Exploit Title: Hexchat IRC client - Server name log directory traversal Date: 2016-01-26 Exploit Author: PizzaHatHacker Vendor Homepage: https://hexchat.github.io/index.html Software Link:...

vector-tr.com XSS vulnerability

Vulnerable URL: http://www.vector-tr.com/ara?urunkod=%22%3E%3Cscript%3Ealert%28/XSSPOSED/%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 08:13 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

CVE-2015-1805

The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or possibly gain privileges via a...

+90 Vector - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application +90 Vector published at the 'play' market has multiple vulnerabilities...

Vector - Customized SSL, Dangerous filesystem permissions, Hardcoded secrets vulnerabilities

HackApp vulnerability scanner discovered that application Vector published at the 'play' market has multiple vulnerabilities...

FreeBSD : Botan BER Decoder vulnerabilities (2004616d-f66c-11e5-b94c-001999f8d30b)

The botan developers reports : Excess memory allocation in BER decoder - The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer...

New Relic: rpm.newrelic.com - monitor creation to other accounts

It is possible to create monitors for other users by changing the user id in the body of the post request when creating a new monitor. Even though my tests were unsuccessful in a XSS on the monitor information, it may be an attack vector to other vulnerabilities since the monitor information show...

The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the nsScannerString::AppendUnicodeTo function in Thunderbird email clients, as well as in Firefox and Firefox ESR browsers, arises due to buffer overflows. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure memory exhaustion ...

FreeBSD : activemq -- Unsafe deserialization (a258604d-f2aa-11e5-b4a9-ac220bdcec59)

Alvaro Muatoz, Matthias Kaiser and Christian Schneider reports : JMS Object messages depends on Java Serialization for marshaling/unmashaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message...

Comodo AntiVirus - Heap Overflow in LZX Decompression

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=737 LzxDecoder::init initializes the vector LzxDecoder-window to a fixed size of 2^method bytes, which is then used during LzxDecoder::Extract. It's possible for LZX compressed streams to exceed this size. Writes to the window buff...

Netgear ReadyNAS Remote Code Execution

Unauthenticated Remote Command Execution in Netgear ReadyNAS Surveillance ========================================================================= Product Description =================== Netgear ReadyNAS Surveillance is a NVR Network Video Recorder available for Netgear NAS systems. Vulnerabilit...