Microsoft Macro Assembler Tampering Vulnerability

A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code. An attacker could introduce code into an application, which modifies data in an unintended manner. The security updates addresses the vulnerability by ensuring that Microsoft Macro Assembler properly...

CVE-2018-10976

In 2345 Security Guard 3.7, the driver file 2345BdPcSafe.sys, X64 version allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCTL 0x00222050...

CVE-2018-9053

In Windows Master aka Windows Optimization Master 7.99.13.604, the driver file WoptiHWDetect.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0xf10026cc...

CVE-2017-17435

An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request,...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to email protected e469cf49-4de3-4658-8419-ab42837916ad. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

Fedora 24 : pcre2 (2017-2c4ddb3ca2)

This release fixes a crash when finding a Unicode property for a character with a code point greater than 0x10ffff in UTF-32 library while UTF mode is disabled and JIT mode is enabled. It also fixes an incortect cast in UTF validation routine. Note that Tenable Network Security has extracted the...

ecshop绕过原密码校验直接修改用户密码（安全隐患）

简要描述： 最新版本也存在此问题 详细说明： 该漏洞有个前提，需要会员系统整合ucenter 问题出在 user.php $action == 'acteditpassword' $oldpassword = isset$POST'oldpassword' ? trim$POST'oldpassword' : ''; $newpassword = isset$POST'newpassword' ? trim$POST'newpassword' : ''; $userid = isset$POST'uid' ? intval$POST'uid' : $userid; $code =...

auto-format of Curl responses may lead to code execution

When executing a cURL request using the RequestCurl class with an unvalidated URL provided by user input, or a request to a malicious or a legitimate but hacked website, a specially crafted response can lead to auto-execution of malicious code, due to the way the auto formatting mechanism works...

PragmaMX 1.2.10 - Persistent Cross-Site Scripting

TITLE ... Persistent XSS in PragmaMX 1.12.0 for logged in users DATE .... 30.01.2012 .......................................... AUTOHR .. http://hauntit.blogspot.com ................ SOFT LINK http://www.pragmamx.org ............................. VERSION . 1.12.0...

Ubuntu Update for linux-lts-backport-natty USN-1256-1

Ubuntu Update for Linux kernel vulnerabilities USN-1256-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12561.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for linux-lts-backport-natty USN-1256-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...

Memory Corruption Vulnerability

Description Samba versions 3.3.12 and all versions previous to this are affected by a memory corruption vulnerability. Samba versions 3.4.0 and all releases since this version are NOT affected by this problem. In particular, the current stable Samba version 3.5.3 is NOT affected by this problem...

CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via 1 a crafted XAML browser application XBAP, 2 a crafted ASP.NET application, or 3 a...

Design/Logic Flaw

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not valida...

Debian DSA-1514-1 : moin - several vulnerabilities

Several remote vulnerabilities have been discovered in MoinMoin, a Python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2423 A cross-site-scripting vulnerability has been discovered in attachment handling. - CVE-2007-2637 Access...

DSA-1514-1 moin

Bulletin has no description...

Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilties

Exploit for unknown platform in category web applications ====================================================== Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilties ====================================================== Arcadem Remote File Inclusion Flaw / SQL Injection Software: Arcadem 2.01...

invision131xss.txt

Description: Lack of checking in the SML codes. Exploit: Put this into any signature or post on an invision forum: COLOR=IMGhttp://aaa.aa/=aaa.jpg/IMGstyle=background:url"javascript:document.location.replace'http://www.hackthissite.org';" /color Fix: I'm not good at regexes :...