Adobe Acrobat Pro DC U3D PIC Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

PinkyToken Number Error Vulnerability

PinkyToken is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in PinkyToken's smart contract implementation. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

AT&T Bizcircle Cross Site Scripting

Document Title: =============== AT&T Bizcircle - Persistent Profile Cross Site Scripting Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2108 AT&T Reference ID: 1502971499862 Vulnerability Magazine:...

CloudBees Jenkins URLTrigger Plugin Cross-Site Request Forgery Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task . URLTrigger Plugin is...

AT&T Bizcircle - Persistent Profile Cross Site Vulnerability

Document Title: =============== AT&T Bizcircle - Persistent Profile Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2108 AT&T Reference ID: 1502971499862 Vulnerability Magazine:...

AT&T Bizcircle - Persistent Profile Cross Site Vulnerability

Document Title: =============== AT&T Bizcircle - Persistent Profile Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2108 AT&T Reference ID: 1502971499862 Vulnerability Magazine:...

1000 Guess has an unspecified vulnerability

1000 Guess is an ethereum-based random number guessing game. A security vulnerability in the 'addguess' function of the implementation of the simplelottery smart contract in 1000 Guess stems from the program's use of publicly readable variables to generate random values. An attacker could exploit...

Design/Logic Flaw

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...

CVE-2018-13002

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php and index.php files of the /grid5/scripts/ modules. The injection point is located in the Project Title and the execution point occurs in the Inhaltsprojekt...

CVE-2018-13002

The CVE-2018-13002 entry concerns Weblication CMS Core & Grid v12.6.24. A cross-site scripting (XSS) flaw exists in the wFilemanager.php and index.php files within the /grid5/scripts/ module. The vulnerability targets the Project Title field in the Inhaltsprojekte listing, allowing remote attacke...

CVE-2018-0359

A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid user session identifier, aka Session Fixation. The vulnerability exists because the affected...

Google Developer Discovers a Critical Bug in Modern Web Browsers

Google researcher has discovered a severe vulnerability in modern web browsers that could have allowed websites you visit to steal the sensitive content of your online accounts from other websites that you have logged-in the same browser. Discovered by Jake Archibald, developer advocate for Googl...

js-given code execution vulnerability

js-given is a developer-oriented , BDD for JavaScript Behavior Driven Development, Behavior Driven Development tools . A security vulnerability exists in js-given that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability ...

Synapse Hijacking Vulnerability

Matrix is a set of open communication networks of which Synapse is a server implementation. There is a security vulnerability in Synapse. An attacker can exploit the vulnerability to hijack 'rooms' message channels...

Cortana Software Could Help Anyone Unlock Your Windows 10 Computer

Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers unlock your system password. With its latest patch Tuesday release, Microsoft has pushed an important update to address an easily exploitable vulnerability in...

FTPShell Server Denial of Service Vulnerability

FTPShell Server is a safe and reliable FTP client tool. A security vulnerability exists in FTPShell Client version 6.80. An attacker can exploit this vulnerability to launch a denial of service attack...

Unspecified vulnerability in https-proxy-agent

https-proxy-agent is an implementation of an HTTP or HTTPS proxy. A security vulnerability exists in https-proxy-agent. An attacker can exploit this vulnerability to cause a denial of service and disclose memory...

selenium-standalone-painful remote code execution vulnerability

selenium-standalone-painful is a program for installing command line tools for starting a selenium standalone server. A security vulnerability exists in selenium-standalone-painful that originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker...

Researchers discover vulnerabilities in smart assistants’ voice commands

Virtual personal assistants VPA, also known as smart assistants like Amazon’s Alexa and Google’s Assistant, are in the spotlight for vulnerabilities to attack. Take, for example, that incident about an Oregon couple’s Echo smart speaker inadvertently recording their conversation and sending it to...

SearchBlox 8.6.6 - Cross-Site Request Forgery

SearchBlox 8.6.6 - Cross-Site Request Forgery Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested on: Windo...