2029 matches found

CNVD
added 2018/11/16 12:0 a.m., 2 views

Microsoft Windows PowerShell Remote Code Execution Vulnerability

Microsoft.PowerShell.Archive and others are products of Microsoft Corporation. Microsoft Windows 10 is a suite of operating systems. PowerShell Core is a set of cross-platform command-line script execution environments built for heterogeneous environments and hybrid clouds. PowerShell Core is a suit...

CVSS 9.3, AI score 9.3, EPSS 0.2264
Exploits: 0, References: 1

MSRC
added 2018/11/12 6:2 p.m., 87 views

Should You Send Your Pen Test Report to the MSRC?

Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...

AI score 7.2
Exploits: 0

CNVD
added 2018/10/17 12:0 a.m., 1 view

Dell EMC ESRS Virtual Edition Information Disclosure Vulnerability

Dell EMC ESRS is a secure storage product from Dell. An information disclosure vulnerability exists in Dell EMC ESRS Virtual Edition, where the contents of log files store sensitive data, including commands executed to generate authentication tokens, which could be useful to an attacker for...

CVSS 5.5, AI score 5.5, EPSS 0.00442
Exploits: 0, References: 1

OSV
added 2018/10/15 4:29 p.m., 4 views

CVE-2018-15593

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector...

CVSS 7.8, AI score 5.8, EPSS 0.01035
Exploits: 0, References: 5

NVD
added 2018/10/15 4:29 p.m., 18 views

CVE-2018-15592

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector...

CVSS 7.8, AI score 7.6, EPSS 0.00588
Exploits: 1, References: 5

CVE
added 2018/10/15 4:0 p.m., 38 views

CVE-2018-15592

Ivanti Workspace Control and RES One Workspace are affected by CVE-2018-15592 (pre-10.3.10.0). A local authenticated user can escalate privileges to execute processes with elevated rights via an unspecified attack vector. CVSS information from NVD indicates a local, low complexity attack with use...

CVSS 7.8, AI score 7.5, EPSS 0.00588
Exploits: 1, References: 5, Affected Software: 1

Cvelist
added 2018/10/15 4:0 p.m., 23 views

CVE-2018-15593

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector...

AI score 7.6, EPSS 0.01035
Exploits: 0, References: 5

CVE
added 2018/10/08 3:0 p.m., 41 views

CVE-2018-1743

CVE-2018-1743 affects IBM Security Key Lifecycle Manager. The vulnerability exposes sensitive information to unauthorized users, enabling information disclosure that could support further system attacks. Affected products and versions: IBM Security Key Lifecycle Manager v2.6 (up to 2.6.0.4), v2.7...

CVSS 5.3, AI score 5.1, EPSS 0.01301
Exploits: 0, References: 2, Affected Software: 1

Joomla! Vulnerable Extensions List
added 2018/10/07 12:0 a.m., 25 views

[20190205] - Core - XSS Issue in core.js writeDynaList

Inadequate parameter handling in JS code could lead to an XSS attack vector...

CVSS 6.1, AI score 7.5, EPSS 0.008
Exploits: 0, Affected Software: 1

CNVD
added 2018/09/26 12:0 a.m., 2 views

Substratum Integer Overflow Vulnerability

Substratum SUB is an ethereum-based virtual currency. An integer overflow vulnerability exists in the 'mintToken' function in Substratum's smart contract implementation, which can be exploited by an attacker to control mintedAmount and arbitrarily modify the balance of a user's account...

CVSS 7.5, AI score 7.6, EPSS 0.00926
Exploits: 1, References: 1

Openbugbounty
added 2018/09/24 9:41 a.m., 9 views

bojna.hr XSS vulnerability

Open Bug Bounty ID: OBB-679420
Affected Website: bojna.hr
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0

Cvelist
added 2018/09/23 10:0 p.m., 12 views

CVE-2018-17402

The PhonePe wallet aka com.PhonePe.app application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide...

AI score 5.3, EPSS 0.01063
Exploits: 0, References: 1

Hacker One
added 2018/09/19 5:13 a.m., 1303 views

Chaturbate: Forget password link not expiring after email change.

I found a token misconfiguration flaw in chaturbate.com. When we reset the password for a user, a link is sent to the registered email address, but in case it remains unused and the email is updated by the user from the settings panel, that old token reset link sent to the old email address still remains valid. A...

AI score 0.1
Exploits: 0

Prion
added 2018/09/10 11:29 p.m., 15 views

Design/Logic Flaw

A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via an approach involving a 5.4 TB precomputation, followed by wake-frame reception and two...

CVSS 3.3, AI score 6.4, EPSS 0.0047
Exploits: 1, References: 1

0day.today
added 2018/09/09 12:0 a.m., 31 views

MedDream PACS Server Premium 6.7.1.1 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal Software Link: https://www.softneta.com/products/meddream-pacs-server/downloads.html Google Dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone...

AI score 0.1
Exploits: 0

Prion
added 2018/08/06 8:29 p.m., 13 views

Xxe

Aruba Airwave, all versions up to but not including 8.2.3.1, is vulnerable to an XML external entities (XXE) issue. XXEs are a way to permit XML parsers to access storage that exists on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attac...

CVSS 4, AI score 6.9, EPSS 0.09815
Exploits: 5, References: 3, Affected Software: 1

NVD
added 2018/08/06 8:29 p.m., 19 views

CVE-2016-8526

Aruba Airwave, all versions up to but not including 8.2.3.1, is vulnerable to an XML external entities (XXE) issue. XXEs are a way to permit XML parsers to access storage that exists on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attac...

CVSS 8.8, AI score 8.5, EPSS 0.09815
Exploits: 5, References: 3

Vulnerability Lab
added 2018/07/19 12:0 a.m., 709 views

Adobe Systems - Arbitrary Code Injection Vulnerability

Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine:...

AI score 0.7
Exploits: 0

Packet Storm
added 2018/07/19 12:0 a.m., 62 views

Adobe Systems Main lead DBMS Arbitrary Code Injection

Document Title: =============== Adobe Systems - Arbitrary Code Injection Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2120 PSIRT ID: 7873 Vulnerability Magazine:...

AI score 0.5
Exploits: 0

0day.today
added 2018/07/17 12:0 a.m., 138 views

Microsoft Windows #MicrosoftWindows .library-ms Information Disclosure Vulnerability

Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as .library-ms files. The .library-ms filetype...

AI score 7.5
Exploits: 0