
405 matches found

CNVD
added 2017/08/07 12:0 a.m. | 3 views

Dashlane Local Privilege Vulnerability

Dashlane is a system security software for the mobile platform from Dashlane Inc. There is a security vulnerability in Dashlane. A local attacker can exploit this vulnerability by placing the WINHTTP.dll file in the %APPDATA%Dashlane directory...

CVSS 7.3 | AI score 7.3 | EPSS 0.00673
Exploits: 2 | References: 1

Cvelist
added 2017/05/12 3:0 p.m. | 16 views

CVE-2017-0602

An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions:...

AI score 5.2 | EPSS 0.00369
Exploits: 0 | References: 2

OSV
added 2017/04/10 3:59 a.m. | 1 view

CVE-2016-5059

OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information by reading screenshots under /private/var/mobile/Containers/Data/Application...

CVSS 6.5 | AI score 5.8 | EPSS 0.01397
Exploits: 2 | References: 1

Fedora
added 2016/07/23 9:6 p.m. | 21 views

[SECURITY] Fedora 23 Update: kf5-knewstuff-5.24.0-1.fc23

KDE Frameworks 5 Tier 3 module for downloading and sharing additional application data like plugins, themes, motives, etc...

CVSS 7.5 | AI score 2.6 | EPSS 0.04465
Exploits: 1

Fedora
added 2016/07/23 7:7 p.m. | 20 views

[SECURITY] Fedora 24 Update: kf5-knewstuff-5.24.0-1.fc24

KDE Frameworks 5 Tier 3 module for downloading and sharing additional application data like plugins, themes, motives, etc...

CVSS 7.5 | AI score 2.6 | EPSS 0.04465
Exploits: 1

OpenVAS
added 2016/05/11 12:0 a.m. | 14 views

Microsoft Windows Cipher Suites For FalseStart MiTM Vulnerability (3155527)

This host is missing a security update according to Microsoft Security Advisory 3155527 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AI score 5.2
Exploits: 0 | References: 2

Hacker One
added 2016/04/06 9:37 a.m. | 40 views

Mail.ru: Multiple vulnerabilities in the Mail.Ru Mail application (Android)

A few mistakenly exported content providers and activities are reported to have vulnerabilities, allowing application data access and manipulation. This report was marked as a duplicate due to the known fact that activities and content providers are exported by mistake; a fix is under development...

AI score 4.4
Exploits: 0

Packet Storm
added 2015/08/12 12:0 a.m. | 50 views

Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'Java Secure Socket Extension JSSE SKIP-TLS MITM Proxy', 'Description' = %q This module exploits an incomplete...

CVSS 4 | EPSS 0.67234
Exploits: 5

Packet Storm
added 2015/07/27 12:0 a.m. | 85 views

OpenSSL Alternative Chains Certificate Forgery MITM Proxy

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'OpenSSL Alternative Chains Certificate Forgery MITM Proxy', 'Description' = %q This module exploits a logic error ...

CVSS 6.4 | AI score 0.2 | EPSS 0.61798
Exploits: 6

Metasploit
added 2015/07/16 5:36 a.m. | 37 views

OpenSSL Alternative Chains Certificate Forgery MITM Proxy

This module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake...

CVSS 6.5 | EPSS 0.61798
Exploits: 6

OpenSSL
added 2015/06/11 12:0 a.m. | 39 views

Vulnerability in OpenSSL - Invalid free in DTLS

This vulnerability does not affect current versions of OpenSSL. It existed in previous OpenSSL versions and was fixed in June 2014. If a DTLS peer receives application data between the ChangeCipherSpec and Finished messages, buffering of such data may cause an invalid free, resulting in a...

AI score 6.6 | EPSS 0.16587
Exploits: 1 | Affected Software: 1

Kitploit
added 2015/02/12 10:23 p.m. | 29 views

AppUse - Android Pentest Platform Unified Standalone Environment

AppUse Virtual Machine, developed by AppSec Labs, is a unique and free system, a platform for mobile application security testing in the android environment, and it includes unique custom-made tools. Faster & More Powerful The system is a blessing to security teams, who from now on can easily...

AI score 7.3
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 37 views

EagleGet 1.1.8.1 - Denial of Service Exploit

No description provided by source. Exploit Title: EagleGet 1.1.8.1 DoS Exploit Date: 03 April 2014 Exploit Author: Interference Security Vendor Homepage: http://www.eagleget.com/ Software Link: http://www.eagleget.com/download/ Version: 1.1.8.1 Tested on: Microsoft Windows XP SP3 print Crash PoC...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Hogstorps Guestbook 2.0 Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18205/info Hogstorps guestbook is prone to an access-authorization vulnerability. The issue occurs because the affected script fails to prompt for authentication credentials. An attacker can exploit this issue to delete a...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

PunBB 1.2.x Search.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15114/info PunBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result...

AI score 7.1
Exploits: 0

exploitpack
added 2014/04/06 12:0 a.m. | 39 views

EagleGet 1.1.8.1 - Denial of Service

EagleGet 1.1.8.1 - Denial of Service Exploit Title: EagleGet 1.1.8.1 DoS Exploit Date: 03 April 2014 Exploit Author: Interference Security Vendor Homepage: http://www.eagleget.com/ Software Link: http://www.eagleget.com/download/ Version: 1.1.8.1 Tested on: Microsoft Windows XP SP3 print " Crash...

AI score 7.3
Exploits: 0

Prion
added 2012/09/25 8:55 p.m. | 17 views

Design/Logic Flaw

IBM WebSphere Application Server WAS 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users ...

CVSS 3.3 | AI score 6.4 | EPSS 0.00357
Exploits: 1 | References: 4 | Affected Software: 1

exploitpack
added 2012/08/31 12:0 a.m. | 20 views

SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities

SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/55347/info SugarCRM Community Edition is prone to multiple information-disclosure vulnerabilities because it fails to restrict access to certain application data. Attackers can...

AI score 7.4
Exploits: 0

Cvelist
added 2012/07/03 9:0 p.m. | 23 views

CVE-2012-3368

Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach...

AI score 6 | EPSS 0.0212
Exploits: 1 | References: 5

exploitpack
added 2012/05/24 12:0 a.m. | 18 views

phpCollab 2.5 - Direct Request Multiple Protected Page Access

phpCollab 2.5 - Direct Request Multiple Protected Page Access source: https://www.securityfocus.com/bid/53675/info phpCollab is prone to an unauthorized-access and an arbitrary-file-upload vulnerabilities. Attackers can leverage these issues to gain unauthorized access to application data and to...

AI score 0.2
Exploits: 0