
4196 matches found

n0where
added 2017/10/11 4:00 a.m., 293 views

.NET Debugger & Assembly Editor: dnSpy

dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (e.g. malware) without crashing...

AI score: 7.5
Exploits: 0, References: 3
BDU FSTEC
added 2017/09/22 12:00 a.m., 3 views

The vulnerability of the ap_get_basic_auth_pw() function in the Apache HTTP Server allows attackers to circumvent authentication requirements.

The vulnerability of the ap_get_basic_auth_pw() function in the Apache HTTP Server is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass authentication requirements by using external modules...

CVSS: 9.8, AI score: 7.5, EPSS: 0.20231
Exploits: 0, References: 8, Affected Software: 6
OSV
added 2017/09/19 5:29 p.m., 4 views

ALPINE-CVE-2017-10784

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...

CVSS: 8.8, AI score: 8, EPSS: 0.16412
Exploits: 0, References: 1
Debian CVE
added 2017/09/19 5:00 p.m., 31 views

CVE-2017-10784

Removed by vendor...

CVSS: 9.3, AI score: 9.3, EPSS: 0.16412
Exploits: 0
OSV
added 2017/09/19 12:00 a.m., 2 views

UBUNTU-CVE-2017-10784

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...

CVSS: 8.8, AI score: 7.2, EPSS: 0.16412
Exploits: 0, References: 7
CNVD
added 2017/09/18 12:00 a.m., 4 views

Ruby Security Bypass Vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A security vulnerability exists in the Basic authentication code of the WEBrick library in Ruby versions prior to 2.2.8, 2.3.x prior to 2.3.5, and 2.4.x...

CVSS: 9.3, AI score: 7.4, EPSS: 0.16412
Exploits: 0, References: 1
CNVD
added 2017/09/18 12:00 a.m., 3 views

India Goods and Services Tax Network (GSTN) Offline Utility Elevation of Privilege Vulnerability

A security vulnerability exists in GSTNofflinetool in the India Goods and Services Tax Network (GSTN) Offline Utility tool prior to version 1.2. A local attacker can exploit this vulnerability by replacing winstart-server.vbs with arbitrary VBScript code to gain privileges...

CVSS: 7.8, AI score: 7.8, EPSS: 0.01136
Exploits: 1, References: 1
FreeBSD
added 2017/09/14 12:00 a.m., 39 views

ruby -- multiple vulnerabilities

Ruby blog: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf. If a malicious format string which contains a precision specifier is passed and a huge minus value is also passed to the specifier, buffer underrun may be caused. In such a situation, the result may contain heap, or the Ruby...

CVSS: 9.8, AI score: 9.4, EPSS: 0.16412
Exploits: 2, References: 5
RubySec
added 2017/09/14 12:00 a.m., 33 views

Escape sequence injection vulnerability in the Basic authentication of WEBrick

There is an escape sequence injection vulnerability in the Basic authentication of WEBrick bundled by Ruby. When using the Basic authentication of WEBrick, clients can pass an arbitrary string as the user name. WEBrick outputs the passed user name intact to its log, then an attacker can inject...

CVSS: 9.3, AI score: 7.4, EPSS: 0.16412
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2017/09/13 8:29 a.m., 4 views

CVE-2017-13724

On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00513
Exploits: 1, References: 1
CVE
added 2017/09/13 8:00 a.m., 48 views

CVE-2017-13724

CVE-2017-13724 describes a stored Cross-Site Scripting vulnerability in the APN parameter on the Axesstel MU553S MU55XS devices running firmware v1.14, on the Basic Settings page. The affected component is the APN field handling in that page; the root cause is a stored XSS flaw that can persist u...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00513
Exploits: 1, References: 1, Affected Software: 1
Broadcom
added 2017/08/25 12:00 a.m., 6 views

BSA-2017-361

Security Advisory ID: BSA-2017-361. Component: Apache HTTPD. Revision: 2.0: Final. In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...

CVSS: 9.8, AI score: 8.6, EPSS: 0.20231
Exploits: 0
CNVD
added 2017/08/24 12:00 a.m., 2 views

WordPress FormCraft Basic Plugin SQL Injection Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports setting up a personal blog site on PHP and MySQL servers. FormCraft Basic is a form creation plugin. A SQL injection vulnerability exists in version 1.0...

CVSS: 9.8, AI score: 9.4, EPSS: 0.02303
Exploits: 1, References: 1
OSV
added 2017/08/23 2:29 p.m., 2 views

CVE-2017-13137

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php...

CVSS: 9.8, AI score: 5.8, EPSS: 0.02303
Exploits: 1, References: 1
Prion
added 2017/08/23 2:29 p.m., 13 views

SQL injection

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php...

CVSS: 7.5, AI score: 9.8, EPSS: 0.02303
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2017/08/23 2:00 p.m., 17 views

CVE-2017-13137

The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php...

AI score: 9.9, EPSS: 0.02303
Exploits: 1, References: 1
RedHat Linux
added 2017/08/23 9:17 a.m., 3 views

OpenJDK: unbounded memory allocation in BasicAttribute deserialization (Serialization, 8174105)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker...

CVSS: 5.3, AI score: 7.2, EPSS: 0.03114
Exploits: 0, References: 4
Kitploit
added 2017/08/20 10:03 p.m., 31 views

Cansina - Web Content Discovery Tool

Cansina is a Web Content Discovery Application. It is well known that Web applications don't publish all their resources or public links, so the only way to discover these resources is to request them and check the response. Cansina's duty is to help you make requests and filter the responses t...

AI score: 7.3
Exploits: 0, References: 3
RedHat Linux
added 2017/08/16 11:04 p.m., 4 views

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

CVSS: 9.8, AI score: 7.4, EPSS: 0.20231
Exploits: 0, References: 6
RedHat Linux
added 2017/08/15 6:23 p.m., 4 views

httpd: ap_get_basic_auth_pw() authentication bypass

It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd...

CVSS: 9.8, AI score: 7.4, EPSS: 0.20231
Exploits: 0, References: 6