1436 matches found
groovy -- remote execution of untrusted code/DoS vulnerability
The Apache Groovy project reports: When an application with Groovy on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly when...
gazzettadelsud.it XSS vulnerability
Open Bug Bounty ID: OBB-180568 Description| Value ---|--- Affected Website:| gazzettadelsud.it Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
glibc - 'getaddrinfo' Remote Stack Buffer Overflow
/ add by SpeeDr00t@Blackfalcon jang kyoung chip This is a published vulnerability by google in the past. Please refer to the link below. Reference: - https://googleonlinesecurity.blogspot.kr/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html - https://github.com/fjserna/CVE-2015-7547 -...
WordPress Fluid Accessible Ui Options Plugin - Cross Site Scripting
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
axp.zedo.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-166935 Description| Value ---|--- Affected Website:| axp.zedo.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
XSS in /includes/decorators/global-translations.jsp
NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-61888. Somewhat hard to exploit but still doable when it comes to cache poisoning. Steps to reproduce: Tamper with a GET request to...
Secret smart watch and fitness band how to leak your ATM password-vulnerability warning-the black bar safety net
At the beginning of this article, I would like to start by asking you a simple question: is your dominant hand the left hand or the right hand? This is a very simple question, and it will not bring you any loss. But the next question is not necessarily so: are you wearing, on your dominant hand, a...
Symantec AntiVirus - TNEF Decoder Integer Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=819 Simple fuzzing found an integer overflow in the dec2tnef library. This allocation from Attachment::setDataFromAttachment doesn't verify that the attacker controlled value doesn...
Medium: nginx
Issue Overview: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file. Affected Packages: nginx...
CVE-2016-1665
CVE-2016-1665 is an information-leak vulnerability in Google Chrome’s V8 JavaScript engine. The issue arises in the JSGenericLowering path (compiler/js-generic-lowering.cc) where Chrome before 50.0.2661.94 mishandled certain comparison operators, enabling remote attackers to obtain sensitive info...
Safety warning: affects 1.3 billion Apple users, the exploit code-exploit warning-the black bar safety net
Recently, security researchers released a tweet that referred to Apple device vulnerabilities as well as to the program code for the vulnerability. Bug fix is not ideal: In the last week, the media exposed a critical vulnerability in the Apple device system, CVE-2016-1757; you can use...
Fishing Knots - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Fishing Knots published at the 'play' market has multiple vulnerabilities...
Songify by Smule - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Songify by Smule published at the 'play' market has multiple vulnerabilities...
sports.mk.co.kr XSS vulnerability
Open Bug Bounty ID: OBB-143792 Description| Value ---|--- Affected Website:| sports.mk.co.kr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
chel.kassy.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-143113 Description| Value ---|--- Affected Website:| chel.kassy.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
vepa62.com XSS vulnerability
Open Bug Bounty ID: OBB-142710 Description| Value ---|--- Affected Website:| vepa62.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
Technology share: how to use Python and PyInstaller to write a Windows malicious code-vulnerability warning-the black bar safety net
Disclaimer: This article is intended to share, not for malicious use! This article mainly shows, through the use of Python and PyInstaller, how to build some malicious software PoCs. As everyone knows, malicious software and more will continue to be the target of the attack. And this is on windows ther...
CVE-2016-2397
The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data...
dermaremedies.in XSS vulnerability
Open Bug Bounty ID: OBB-128550 Description| Value ---|--- Affected Website:| dermaremedies.in Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
mpsmortgageco.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-124450 Description| Value ---|--- Affected Website:| mpsmortgageco.com Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat Sheet...