UBUNTU-CVE-2016-4579

Libksba before 1.3.4 allows remote attackers to cause a denial of service out-of-bounds read and crash via unspecified vectors, related to the "returned length of the object from ksbaberparsetl."...

Microsoft JScript and VBScript Scripting Engine Memory Corruption Vulnerability (CNVD-2016-03119)

Microsoft Internet Explorer IE is a web browser developed by Microsoft and is the default browser that comes with the Windows operating system.JScript is one of the interpreted object-based scripting languages.VBScript engines are one of the... VBScript engine. A memory corruption vulnerability...

CIScan 1.00 - Hostname/IP Field Overwrite (SEH) (PoC)

!/usr/bin/python Exploit Title : CIScanv1.00 Hostname/IP Field SEH Overwrite POC Discovery by : Nipun Jaswal Email : [email protected] Discovery Date : 11/05/2016 Software Link : http://www.mcafee.com/us/downloads/free-tools/ciscan.aspx Tested Version : 1.00 Vulnerability Type: SEH Overwrite...

CIScan 1.00 - Hostname/IP Field Overwrite (SEH) (PoC)

Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Title : CIScanv1.00 Hostname/IP Field SEH Overwrite POC Discovery by : Nipun Jaswal Email : email protected Discovery Date : 11/05/2016 Software Link : http://www.mcafee.com/us/downloads/free-tools/ciscan.aspx Tested...

CIScan 1.00 - HostnameIP Field Overwrite (SEH) (PoC)

CIScan 1.00 - HostnameIP Field Overwrite SEH PoC !/usr/bin/python Exploit Title : CIScanv1.00 Hostname/IP Field SEH Overwrite POC Discovery by : Nipun Jaswal Email : [email protected] Discovery Date : 11/05/2016 Software Link : http://www.mcafee.com/us/downloads/free-tools/ciscan.aspx Tested...

Wireshark ASN.1 BER parser denial of service vulnerability (CNVD-2016-02775)

Wireshark formerly known as Ethereal is a suite of network packet analysis software developed by the Wireshark team. A denial of service vulnerability exists in the epan/dissectors/packet-ber.c file in the ASN.1 BER parser in Wireshark versions 1.12.x prior to 1.12.10, and versions 2.x prior to...

Libksba Integer Overflow Vulnerability

Libksba is a library that simplifies work tasks for X.509 certificates, CMS data and related objects in the GnuPG project developed by the GNU Project. An integer overflow vulnerability exists in the BER decoder src/ber-decoder.c file in Libksba. An attacker could use this vulnerability to cause ...

UBUNTU-CVE-2016-4353

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service abort via crafted BER data...

Brickcom Network Cameras XSS / CSRF / Insecure Direct Object Reference

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Brickcom Corporation Network Cameras - Multiple Vulnerabilities

| | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | | | | \ V V / / | | | | | | \ \ /|| // ||||,|./|/ Security Adivisory 2016-04-12 www.orwelllabs.com twt:@orwelllabs sm1thw@0rw3lll4bs:/bb ./Bruce.S + surveillance is the business model of the internet - OK! sm1thw@0rw3lll4bs:/bb echo $?...

Siemens Industrial Products glibc Library Vulnerability (Update C)

OVERVIEW This updated advisory is a follow-up to the advisory update titled ICSA-16-103-01B Siemens Industrial Products glibc Library Vulnerability that was published July 14, 2016, on the NCCIC/ICS-CERT web site. Siemens reports that a buffer overflow vulnerability in the glibc library could...

CVE-2016-2512

The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...

DEBIAN-CVE-2016-2512

The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...

Cross site scripting

The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...

PYSEC-2016-15

The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...

PYSEC-2016-15

The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...

CVE-2016-2512

The utils.http.issafeurl function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting XSS attacks via a URL containing basic authentication, as demonstrated by...

Debian DSA-3544-1 : python-django - security update

Several vulnerabilities were discovered in Django, a high-level Python web development framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2016-2512 Mark Striemer discovered that some user-supplied redirect URLs containing basic authentication...

Innerwise Basic - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Innerwise Basic published at the 'play' market has multiple vulnerabilities...

Office HD: Presentations BASIC - Base64 encoded String, Customized SSL, Insecure KeyStore vulnerabilities

HackApp vulnerability scanner discovered that application Office HD: Presentations BASIC published at the 'play' market has multiple vulnerabilities...