2025 matches found

CNVD
added 2018/05/21 12:0 a.m., 2 views

Cisco Enterprise NFV Infrastructure Software Secure Copy Protocol Server Input Validation Vulnerability

Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from the U.S.-based Cisco. The platform enables full lifecycle management of virtualization services through a central coordinator and controller. The Secure Copy Protocol (SCP) server is one of the...

CVSS 9 | AI score 7.1 | EPSS 0.04569
Exploits 0 | References 1

CNVD
added 2018/05/16 12:0 a.m., 4 views

S/MIME Information Disclosure Vulnerability

S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. An attacker could exploit the vulnerability to obtain a message in plaintext form from an encrypted message...

CVSS 5.9 | AI score 8.9 | EPSS 0.04219
Exploits 2 | References 1

ThreatPost
added 2018/05/15 9:38 p.m., 10 views

Phishing Spy Campaign Targets Top Mideast Officials

Researchers have discovered a phishing campaign that infected Android devices with custom surveillance-ware bent on extracting data from top officials, primarily in the Middle East. Researchers at Lookout Security told Threatpost that the tool, dubbed Stealth Mango, has been used to collect over ...

AI score 0.9
Exploits 0 | References 2

CNVD
added 2018/05/10 12:0 a.m., 2 views

Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel 2010 SP2 and the other affected products are all from Microsoft Corporation (USA). Microsoft Excel 2010 SP2 is spreadsheet software in the Office suite. Office 2016 Click-to-Run (C2R) is an office software suite. An information disclosure vulnerability exists in Microsof...

CVSS 5.5 | AI score 6.1 | EPSS 0.12255
Exploits 0 | References 1

OSV
added 2018/04/24 7:29 p.m., 2 views

DEBIAN-CVE-2017-12086

An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the...

CVSS 7.8 | AI score 8.7 | EPSS 0.02022
Exploits 1 | References 1

Prion
added 2018/04/20 7:29 a.m., 21 views

Buffer overflow

bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu calls bvlc_encode_forwarded_npdu which copies the content from...

CVSS 7.5 | AI score 9 | EPSS 0.01663
Exploits 0 | References 3 | Affected Software 1

Openbugbounty
added 2018/04/19 12:4 a.m., 13 views

shershegoes.com XSS vulnerability

Open Bug Bounty ID: OBB-603986. Affected Website: shershegoes.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...

Exploits 0

CNVD
added 2018/04/11 12:0 a.m., 2 views

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-08762)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the Windows system kernels. An information disclosure vulnerability exists in Microsoft Windows kernel. An attacker can exploit this vulnerability by logging on...

CVSS 5.5 | AI score 6.1 | EPSS 0.0358
Exploits 1 | References 1

CNVD
added 2018/04/08 12:0 a.m., 1 view

Directory Traversal Vulnerability in GxlcmsQY System

GxlcmsQY system is a simple program tailored for business users. A directory traversal vulnerability exists in GxlcmsQY System\Lib\Lib\Action\Admin\PicAction.class.php. An attacker can exploit this vulnerability to obtain sensitive information...

AI score 6.8
Exploits 0

Exploit DB
added 2018/03/30 12:0 a.m., 45 views

osCommerce 2.3.4.1 - Remote Code Execution

Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on: Linux, Windows If an Admin has not removed the /install/...

AI score 7.4
Exploits 0

seebug.org
added 2018/03/30 12:0 a.m., 2559 views

Drupal core Remote Code Execution(CVE-2018-7600) (Drupalgeddon2)

Two weeks ago, a highly critical 21/25 NIST rank vulnerability, nicknamed Drupalgeddon 2 SA-CORE-2018-002 / CVE-2018-7600, was disclosed by the Drupal security team. This vulnerability allowed an unauthenticated attacker to perform remote code execution on default or common Drupal installations...

CVSS 7.5 | AI score 10 | EPSS 0.99993
Exploits 46

0day.today
added 2018/03/29 12:0 a.m., 36 views

Open-AuditIT Professional 2.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Open-AuditIT Professional 2.1 - Stored Cross site scripting XSS Exploit Author: Nilesh Sapariya Contact: https://twitter.com/nileshloganx Website: https://nileshsapariya.blogspot.com Vendor Homepage: https://www.open-audit.org/...

EPSS 0.01643
Exploits 5

Hacker One
added 2018/03/26 10:10 p.m., 41 views

Stellar.org: Exploitable vulnerability in SDEX

Hi, Last Thursday I discovered the exploitable vulnerability in SDEX. I immediately reported the bug directly to Jed by email and he confirmed it. It's all about rounding during trades. You see, I found that orders are always executed if the price matches market, even if the amount is as small as...

AI score 7.4
Exploits 0

CNVD
added 2018/03/15 12:0 a.m., 1 view

Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2018-06800)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the operating system kernels. An information disclosure vulnerability exists in Microsoft Windows kernel, which arises from a program's failure to properly filter objects in...

CVSS 5.5 | AI score 6 | EPSS 0.0188
Exploits 14 | References 1

RedHat Linux
added 2018/02/21 12:25 p.m., 9 views

rubygem-will_paginate: XSS vulnerabilities

It was found that ruby will_paginate is vulnerable to XSS via malformed input that causes pagination to occur on an improper boundary. This could allow an attacker with the ability to pass data to the will_paginate gem to display arbitrary HTML including scripting code within the web interface...

CVSS 4.3 | AI score 7.4 | EPSS 0.02209
Exploits 1 | References 4

Vulnerability Lab
added 2018/02/20 12:0 a.m., 44 views

Geldkarte - transaktionsid Cross Site Scripting Vulnerability

Document Title: Geldkarte - transaktionsid Cross Site Scripting Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2118 Release Date: 2018-02-20. Vulnerability Laboratory ID (VL-ID):...

AI score 0.2
Exploits 0

Packet Storm
added 2018/02/10 12:0 a.m., 46 views

Multi Language Olx Clone Script 2.0.7 Cross Site Scripting

Exploit Title: Multi Language Olx Clone Script - Stored XSS Date: 08.02.2018 Exploit Author: Varun Bagaria Web: Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/olx-clone/ Category: Web Application Version:2.0.6 Tested on: Windows 7 CVE: NA...

AI score 6.5 | EPSS 0.02622
Exploits 3

CNVD
added 2018/02/06 12:0 a.m., 1 view

Apache Tomcat Code Execution Vulnerability

Apache Tomcat is a lightweight web application server from the Apache Software Foundation (United States), developed under the Jakarta project, which is mainly used for the development and debugging of JSP programs for small and medium-sized systems. There is a security vulnerability in Apache Tomcat. An...

CVSS 5.3 | AI score 7.1 | EPSS 0.06198
Exploits 0 | References 1

exploitpack
added 2018/01/23 12:0 a.m., 13 views

Tumder 2.1 - SQL Injection

Tumder 2.1 - SQL Injection Exploit Title: Tumder - An Arcade Games Platform 2.1 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://sndr.co.ve/ Software Link: https://codecanyon.net/item/tumder-an-arcade-games-platform/18726994 Version: 2.1 Category: Webapps Tested on:...

CVSS 7.5 | AI score 10 | EPSS 0.02703
Exploits 5

CNVD
added 2018/01/17 12:0 a.m., 1 view

Juniper Junos Remote Code Execution Vulnerability

Juniper Junos OS is a Juniper Networks network operating system designed for the company's hardware systems. The OS provides a secure programming interface and the Junos SDK. A remote code execution vulnerability exists in Juniper Junos OS. A remote attacker could exploit the vulnerability to...

CVSS 9.8 | AI score 8.3 | EPSS 0.06455
Exploits 0 | References 1