Lucene search
2563 matches found

Debian CVE
added 2018/06/08 9:0 p.m. | 35 views

CVE-2018-12020

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represen...

7.5 CVSS | 7.2 AI score | 0.08654 EPSS
Exploits: 0
AlpineLinux
added 2018/06/08 9:0 p.m. | 30 views

CVE-2018-12020

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represen...

7.5 CVSS | 8.1 AI score | 0.08654 EPSS
Exploits: 0
OSV
added 2018/06/08 12:0 a.m. | 1 views

UBUNTU-CVE-2018-12020

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represen...

7.5 CVSS | 6.8 AI score | 0.08654 EPSS
Exploits: 0 | References: 13
0day.today
added 2018/05/30 12:0 a.m. | 62 views

MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Vulnerabilities

Exploit for php platform in category web applications Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google...

0.3 AI score | 0.14764 EPSS
Exploits: 7
NVD
added 2018/05/10 1:29 a.m. | 20 views

CVE-2018-10949

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors...

5.3 CVSS | 5.3 AI score | 0.02446 EPSS
Exploits: 0 | References: 1
Malwarebytes
added 2018/05/08 1:25 p.m. | 52 views

Tech support scam uses fake Shoppers Stop site to lure thousands

Update 2018-05-17: Shoppers Stop is a legitimate company based out of India and their brand was abused by scammers. These days, there are a lot of browser locker campaigns fueled by malvertising or redirection from hacked sites. But the Shoppers Stop tech scam campaign is actually a bit of both,...

0.2 AI score
Exploits: 0
OSV
added 2018/04/05 9:29 p.m. | 2 views

CVE-2017-14471

An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information,...

9.8 CVSS | 5.8 AI score | 0.37317 EPSS
Exploits: 1 | References: 1
Openbugbounty
added 2018/04/02 2:9 p.m. | 14 views

exportgenius.in XSS vulnerability

Open Bug Bounty ID: OBB-595700. Affected Website: exportgenius.in; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...

6.3 AI score
Exploits: 0
NVD
added 2018/03/22 2:29 p.m. | 15 views

CVE-2017-16772

Improper input validation vulnerability in SYNOPHOTOFlickrMultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the progid parameter...

8.8 CVSS | 8.7 AI score | 0.03211 EPSS
Exploits: 0 | References: 1
CNVD
added 2018/03/21 12:0 a.m. | 1 views

TrueCrypt Security Bypass Vulnerability

TrueCrypt is an open source virtual encryption disk encryption software that creates virtual disks on your hard drive without generating any files. A security vulnerability exists in the 'ProcessVolumeDeviceControlIrp' function of the Ntdriver.c file in TrueCrypt version 7.1a. A local attacker ca...

3.3 CVSS | 6.5 AI score | 0.00251 EPSS
Exploits: 0 | References: 1
CNVD
added 2018/03/20 12:0 a.m. | 2 views

Lovefilm APP suffers from arbitrary user login vulnerability

Love Shadow APP is a video editing software for cell phones. There is an arbitrary user login vulnerability in Love Shadow APP. An attacker can log into any user account by capturing packets and obtaining authentication codes...

7.2 AI score
Exploits: 0
CNVD
added 2018/03/10 12:0 a.m. | 1 views

Beijing Joyful Growth Technology Co., Ltd. New Growth APP has an arbitrary cell phone number registration vulnerability

New Growth APP is an application to record the growth of parents and children developed by Beijing Joyful Growth Technology Co. Ltd. There is an arbitrary cell phone number registration vulnerability in the New Growth APP. Due to the small number of verification code digits and the lack of checks...

7.2 AI score
Exploits: 0
Kitploit
added 2018/03/06 8:13 p.m. | 145 views

Gitleaks - Searches Full Repo History For Secrets And Keys

Searches Full Repo History For Secrets And Keys. Installing go get -u github.com/zricethezav/gitleaks Usage and Explanation ./gitleaks options Gitleaks audits local and remote repos by running regex checks against all commits. Options usage: gitleaks options / Options: -u --user Git user mode -r...

6.9 AI score
Exploits: 0 | References: 2
Hacker One
added 2018/02/20 1:0 a.m. | 38 views

Nextcloud: twofactor_auth bypassable if provider fails to load

Just want to preface this by saying that this is probably not a significant vulnerability, as it requires that the server either have recently been incorrectly upgraded or otherwise misconfigured. However in the administration of my own personal NextCloud instance I have hit this several times...

4.3 CVSS | 1.2 AI score | 0.00811 EPSS
Exploits: 0
RedhatCVE
added 2018/02/05 5:19 a.m. | 24 views

CVE-2018-1000021

It was found that the Git client printed server-sent ANSI escape codes to the terminal without any sanitization, leading to execution of arbitrary escape sequences in the terminal emulator. Exploitation of this flaw by a MitM attacker could potentially result in code execution, arbitrary file...

6.8 CVSS | 2 AI score | 0.01098 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2018/02/04 12:0 a.m. | 3 views

PT-2018-17665 · Malwarefox · Malwarefox Antimalware

Name of the Vulnerable Software and Affected Versions: MalwareFox AntiMalware version 2.74.0.150 Description: The issue is related to improper access control in the zam32.sys and zam64.sys drivers, which allows a non-privileged process to elevate privileges. This can be achieved by sending specif...

7.8 CVSS | 7.4 AI score | 0.01208 EPSS
Exploits: 5 | References: 4
RedHat Linux
added 2018/01/25 11:18 a.m. | 2 views

kernel: local privesc in key management

A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively...

7.8 CVSS | 6.6 AI score | 0.00427 EPSS
Exploits: 0 | References: 5
OSV
added 2018/01/25 4:29 a.m. | 1 views

CVE-2018-6201

In eScan Antivirus 14.0.1400.2029, the driver file econceal.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4...

7.8 CVSS | 5.8 AI score | 0.00406 EPSS
Exploits: 1 | References: 1
CNVD
added 2018/01/22 12:0 a.m. | 3 views

Hardware vulnerability in Wamma smart door locks

Guangzhou Huama Building Materials Co., Ltd. is a modernized professional manufacturer integrating scientific research, production and sales. There is a hardware vulnerability in the Huama smart door lock, which is due to the fact that the Huama door lock radio signal is not set up with anti-repl...

6.8 AI score
Exploits: 0
CNVD
added 2018/01/19 12:0 a.m. | 2 views

Logic design flaws in Direct Marketing Mastermind App

The Direct Marketing Everything App is a live streaming platform that focuses on education and training. There is a logic design vulnerability in the Direct Marketing Master App. Attackers can log into other people's accounts and obtain sensitive information by grabbing packets to obtain...

6.5 AI score
Exploits: 0