2022 matches found
CVE-2018-1743
CVE-2018-1743 affects IBM Security Key Lifecycle Manager. The vulnerability exposes sensitive information to unauthorized users, enabling information disclosure that could support further system attacks. Affected products and versions: IBM Security Key Lifecycle Manager v2.6 (up to 2.6.0.4), v2.7...
[20190205] - Core - XSS Issue in core.js writeDynaList
Inadequate parameter handling in JS code could lead to an XSS attack vector...
Substratum Integer Overflow Vulnerability
Substratum (SUB) is an Ethereum-based virtual currency. An integer overflow vulnerability exists in the 'mintToken' function of Substratum's smart contract implementation; an attacker can exploit it by controlling mintedAmount to arbitrarily modify the balance of a user's account...
bojna.hr XSS vulnerability
Open Bug Bounty ID: OBB-679420. Affected Website: bojna.hr; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
CVE-2018-17402
The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...
Chaturbate: Forget password link not expiring after email change.
I found a token misconfiguration flaw in chaturbate.com. When we reset the password for a user, a link is sent to the registered email address, but in case it remains unused and the email is updated by the user from the settings panel, then too that old token reset link sent to the old email address remains valid. A...
Design/Logic Flaw
A Pektron Passive Keyless Entry and Start PKES system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two...
MedDream PACS Server Premium 6.7.1.1 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal Software Link: https://www.softneta.com/products/meddream-pacs-server/downloads.html Google Dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone...
CVE-2016-8526
Aruba Airwave, all versions up to but not including 8.2.3.1, is vulnerable to XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exists on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attac...
Xxe
Aruba Airwave, all versions up to but not including 8.2.3.1, is vulnerable to XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exists on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attac...
Adobe Systems - Arbitrary Code Injection Vulnerability
Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine:...
Adobe Systems Main lead DBMS Arbitrary Code Injection
Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine:...
Microsoft Windows #MicrosoftWindows .library-ms Information Disclosure Vulnerability
Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as .library-ms files. The .library-ms filetype...
Adobe Acrobat Pro DC U3D PIC Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
PinkyToken Number Error Vulnerability
PinkyToken is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in PinkyToken's smart contract implementation. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...
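The two mintToken entries above (Substratum and PinkyToken) describe the same bug class: an unchecked uint256 addition in a mint function wraps modulo 2^256, so whoever can call it picks mintedAmount to land a target balance on any value, including a smaller one. The following Python model is an added example, not either project's contract; it assumes the stock ERC20 template shape (balanceOf[target] += mintedAmount; totalSupply += mintedAmount; onlyOwner on the caller) and EVM wrapping semantics (Solidity before 0.8 without SafeMath), and places a checked version beside it.

```python
# Added illustration of the mintToken integer-overflow pattern.
# Not Substratum's or PinkyToken's code: a hypothetical token modelled on the
# common ERC20 template, with uint256 arithmetic emulated modulo 2**256.

UINT256_MAX = 2**256 - 1
MODULUS = 2**256  # EVM uint256 addition wraps at this value


class VulnerableToken:
    """mintToken with unchecked additions (Solidity < 0.8, no SafeMath)."""

    def __init__(self, owner):
        self.owner = owner
        self.balance_of = {}   # address -> uint256 balance
        self.total_supply = 0

    def _check_args(self, caller, minted_amount):
        if caller != self.owner:                       # onlyOwner modifier
            raise PermissionError("onlyOwner")
        if not 0 <= minted_amount <= UINT256_MAX:      # must fit a uint256
            raise ValueError("mintedAmount is not a uint256")

    def mint_token(self, caller, target, minted_amount):
        self._check_args(caller, minted_amount)
        # balanceOf[target] += mintedAmount;  totalSupply += mintedAmount;
        current = self.balance_of.get(target, 0)
        self.balance_of[target] = (current + minted_amount) % MODULUS
        self.total_supply = (self.total_supply + minted_amount) % MODULUS


class CheckedToken(VulnerableToken):
    """Same interface with SafeMath-style checks (what Solidity >= 0.8 enforces)."""

    def mint_token(self, caller, target, minted_amount):
        self._check_args(caller, minted_amount)
        new_balance = self.balance_of.get(target, 0) + minted_amount
        new_supply = self.total_supply + minted_amount
        if new_balance > UINT256_MAX or new_supply > UINT256_MAX:
            raise OverflowError("uint256 addition overflow")   # revert
        self.balance_of[target] = new_balance
        self.total_supply = new_supply


def overflow_amount(current_balance, desired_balance):
    """mintedAmount that wraps `current_balance` to exactly `desired_balance`.

    Because (current + amount) mod 2**256 == desired, the attacker solves for
    amount = (desired - current) mod 2**256; any target value is reachable.
    """
    return (desired_balance - current_balance) % MODULUS


def set_balance_via_overflow(token, caller, target, desired_balance):
    """Drive `target`'s balance to `desired_balance` with one mintToken call."""
    amount = overflow_amount(token.balance_of.get(target, 0), desired_balance)
    token.mint_token(caller, target, amount)
    return token.balance_of[target]


def demo():
    """Constructed scenario: victim holds 1000 tokens, attacker wraps it to 7."""
    results = {}

    vuln = VulnerableToken(owner="owner")
    vuln.mint_token("owner", "victim", 1000)
    results["vulnerable_balance"] = set_balance_via_overflow(vuln, "owner", "victim", 7)
    results["vulnerable_supply"] = vuln.total_supply   # wraps alongside the balance

    fixed = CheckedToken(owner="owner")
    fixed.mint_token("owner", "victim", 1000)
    try:
        set_balance_via_overflow(fixed, "owner", "victim", 7)
        results["checked_reverted"] = False
    except OverflowError:
        results["checked_reverted"] = True
    results["checked_balance"] = fixed.balance_of["victim"]
    return results


if __name__ == "__main__":
    print(demo())
```

The mitigation is the one the checked class shows: require the sum not to drop below either operand (or compile with Solidity 0.8+, which reverts on overflow). An access check alone does not help, since in the reported cases the privileged minter is exactly who drives the wrap.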
AT&T Bizcircle Cross Site Scripting
Document Title: =============== AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2108 AT&T Reference ID: 1502971499862 Vulnerability Magazine:...
CloudBees Jenkins URLTrigger Plugin Cross-Site Request Forgery Vulnerability
CloudBees Jenkins, formerly known as Hudson Labs, is a Java-based continuous integration toolset from the US company CloudBees. It is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. URLTrigger Plugin is...
AT&T Bizcircle - Persistent Profile Cross Site Vulnerability
Document Title: =============== AT&T Bizcircle - Persistent Profile Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2108 AT&T Reference ID: 1502971499862 Vulnerability Magazine:...
1000 Guess has an unspecified vulnerability
1000 Guess is an Ethereum-based random number guessing game. A security vulnerability in the 'addguess' function of the simplelottery smart contract in 1000 Guess stems from the program's use of publicly readable variables to generate random values. An attacker could exploit...