1139 matches found
CVE-2018-1000134
UnboundID LDAP SDK versions from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed, contain an Incorrect Access Control vulnerability: the process function in the SimpleBindRequest class doesn't check for empty...
Spelevo Exploit Kit Landing Page
The Spelevo exploit kit is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
mctic.gov.br XSS vulnerability
Open Bug Bounty ID: OBB-577957

| Description | Value |
|---|---|
| Affected Website: | mctic.gov.br |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

GrandSoft Exploit Kit Gate
The GrandSoft exploit kit is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
GrandSoft Exploit Kit Landing Page
The GrandSoft exploit kit is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...
The vulnerability of the Qualcomm Multimode Core Protocol (MMCP) in the Android operating system allows a hacker to trigger buffer overflows.
The vulnerability of the Qualcomm Multimode Core Protocol (MMCP) in the Android operating system arises due to buffer overflows during the processing of messages from additional services. Exploiting this vulnerability can allow a malicious actor to trigger buffer overflows remotely...
February 2018 security update release
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this...
kg2pro.com XSS vulnerability
Open Bug Bounty ID: OBB-551080

| Description | Value |
|---|---|
| Affected Website: | kg2pro.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

iri.centrepompidou.fr XSS vulnerability
Open Bug Bounty ID: OBB-549398

| Description | Value |
|---|---|
| Affected Website: | iri.centrepompidou.fr |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

Buffer overflow
Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications subcomponent: SilverWhere. The supported version that is affected is 8.0.78. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
fr.jollychic.com XSS vulnerability
Open Bug Bounty ID: OBB-530190

| Description | Value |
|---|---|
| Affected Website: | fr.jollychic.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |

CVE-2018-2583
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Stored Procedure. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...
Fedora 27 : webkitgtk4 (2017-3433c9245d)
This update addresses the following vulnerabilities:
- CVE-2017-13798, CVE-2017-13788, CVE-2017-13803

Additional fixes:
- Improve calculation of font metrics to prevent scrollbars from being shown unnecessarily in some cases.
- Fix handling of null capabilities in WebDriver implementation.

Note...
suttontools.com XSS vulnerability
Open Bug Bounty ID: OBB-522559

| Description | Value |
|---|---|
| Affected Website: | suttontools.com |
| Open Bug Bounty Program: | Not created yet |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N... |

[SECURITY] Fedora 26 Update: evince-3.24.2-2.fc26
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
Ruby on Rails: ActionController::Parameters .each returns an unsafe hash
Rails 5.1.4. The goal of ActionController::Parameters's permit method (strong parameters) is to prevent accidental trust in the parameters sent by the client. We can therefore not simply create a hash of all the parameters in the params without permitting them first. When we really want to do this...
HackerOne: Introspection query leaks sensitive graphql system information.
Summary: Introspection query leaks sensitive data. Introduction: As we know, GraphQL was initially developed and used by Facebook as an internal query language, and so the features of GraphQL mostly revolve around internal and development areas. GraphQL executes queries using a type system with the...
jobs.hunkemoller.com XSS vulnerability
Open Bug Bounty ID: OBB-418360

| Description | Value |
|---|---|
| Affected Website: | jobs.hunkemoller.com |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Remediation Guide: | OWASP XSS Prevention... |