133 matches found
UBUNTU-CVE-2020-10977
GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects...
CVE-2019-11930
An invalid free in mbdetectorder can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, an...
CVE-2019-11930
An invalid free in mbdetectorder can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, an...
Microsoft Team Foundation Server Code Execution Vulnerability
Microsoft Team Foundation Server is a source code management, project management and team collaboration platform within the Application Lifecycle Management ALM suite of tools from Microsoft. The platform helps teams collaborate more flexibly and effectively and deliver high-quality software more...
CVE-2018-15395
A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller WLC Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The...
The vulnerability of the network service component of the ArchestrA system’s messaging component between components allows a perpetrator to cause a service failure.
The vulnerability of the network service component of the ArchestrA system for message exchange between components is related to an error in pointer arithmetic. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending a specially crafted request...
Photon - Incredibly Fast Crawler Which Extracts Urls, Emails, Files, Website Accounts And Much More
Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. Yep, you can use 100 threads and Photon won't complain about it because its in Ninja Mode. Why Photon? Not Your Regular Crawler Crawlers are supposed to recursively extract links right? Well that's...
Mozilla: Use-after-free when appending DOM nodes
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affec...
Circle with Disney Apid Use-Between-Reallocs Information Disclosure Vulnerability
Summary An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivit...
Between - Private Couples App - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Between - Private Couples App published at the 'play' market has multiple vulnerabilities...
Crlf injection
The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...
DEDECMS v5. 7(2013-06-07) xss+csrf 0day-vulnerability warning-the black bar safety net
Bookmark management existxss+csrf http://localhost/dedecms/member/flinkmain.php xss:http://localhost/dedecms/member/flinkmain.php?dopost=addnew&title=test' onmouseover=alert1;'&url=test' onmouseover=alert1;' CSRF:img...
Breakthrough SQL injection limit of a little thought-vulnerability warning-the black bar safety net
Suddenly wonder if we can use what method to bypassSQL injectionlimit? Online to study a bit, and the method mentioned most of them are for AND with“'”and“=”, filter breakthrough, although a little progress, but still there are some keyword is not a bypass, because I don't ofteninvasionsite so di...