Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

GSA Bounty: Multiple Bugs in api.data.gov/signup endpoint leads to send custom messages to Anyone

Hey there, while signing for new api key, i have found two bugs that is unusual and make anyone to send crafted or customised email to someone. Bug 1: - low 1. Go to https://api.data.gov/signup/ 2. Enter first and last name , then enter email id and get api key. Bug: You can use the same email id...

CVE-2017-10920

The grant-table feature in Xen through 4.8.x mishandles a GNTMAPdevicemap and GNTMAPhostmap mapping, when followed by only a GNTMAPhostmap unmapping, which allows guest OS users to cause a denial of service count mismanagement and memory corruption or obtain privileged host OS access, aka XSA-224...

CVE-2017-10913

The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1...

Memory corruption

The grant-table feature in Xen through 4.8.x mishandles a GNTMAPdevicemap and GNTMAPhostmap mapping, when followed by only a GNTMAPhostmap unmapping, which allows guest OS users to cause a denial of service count mismanagement and memory corruption or obtain privileged host OS access, aka XSA-224...

CVE-2017-10913

The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1...

CVE-2017-10913

CVE-2017-10913 affects the Xen hypervisor grant-table handling up to 4.8.x. The vulnerability arises from concurrent unmap calls causing false grant mappings, enabling backend attackers to read sensitive data or escalate privileges (XSA-218 bug 1). Impact shown in multiple advisories; patches/wor...

Winamp 5.63 - 'winamp.ini' Local Overflow

Exploit Title: winampevilskin.py Date: 25 August 2013 Exploit Author: Ayman Sagy Vendor Homepage: http://www.winamp.com/ Version: 5.63 Tested on: Windows XP Professional SP3 Version 2002 CVE : 2013-4694 Ayman Sagy August 2013 This is an exploit for Bug 1 described in...

e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ?php / Explanation: Bug 1 admin/showimg.php: ?php $fp = fopen$GET'img', "r"; $img = fread$fp, filesize$GET'img'; fclose$fp; header"Content-type: ".$GET'type'; echo $img; ? ...need i say more? Bug 2 admin/functions.php: if...