Shanghai Jumo Information Technology Co., Ltd. Radish Borrowing APP has an information leakage vulnerability
Radish Borrowing APP is a fast installment small-loan application. The Radish Borrowing APP from Shanghai Jumo Information Technology Co., Ltd. has an information leakage vulnerability. Attackers can register any account and reset any password by capturing packets to obtain the verification code...
[ASA-201801-12] irssi: denial of service
Arch Linux Security Advisory ASA-201801-12 ========================================== Severity: Medium Date : 2018-01-16 CVE-ID : CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208 Package : irssi Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-575 Summary...
Updated irssi packages fix security vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5205). Joseph Bisch discovered that...
Ubuntu 14.04 LTS / 16.04 LTS : Irssi vulnerabilities (USN-3527-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3527-1 advisory. Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or openi...
USN-3527-1: Irssi vulnerabilities
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. CVE-2018-5205 Joseph Bisch discovered that...
CVE-2018-5205
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string...
ASP.NET Core Cross Site Request Forgery Vulnerability
A Cross Site Request Forgery (CSRF) vulnerability exists when an ASP.NET Core web application is created using vulnerable project templates. An attacker who successfully exploited this vulnerability could change the recovery codes associated with the victim's user account without his/her consent. As...
FreeBSD : irssi -- multiple vulnerabilities (a3764767-f31e-11e7-95f2-005056925db4)
Irssi reports: When the channel topic is set without specifying a sender, Irssi may dereference a NULL pointer. Found by Joseph Bisch. When using incomplete escape codes, Irssi may access data beyond the end of the string. Found by Joseph Bisch. A calculation error in the completion code could cau...
Design/Logic Flaw
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string...
ALPINE-CVE-2018-5205
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string...
UBUNTU-CVE-2018-5205
When using incomplete escape codes, Irssi before 1.0.6 may access data beyond the end of the string...
SonicWall SonicOS NSA - Multiple Web Vulnerabilities
Document Title: =============== SonicWall SonicOS NSA - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1725 Release Date: ============= 2018-01-06 Vulnerability Laboratory ID VL-ID: ==================================== 1725...
CVE-2013-7400
The Direct Mail directmail extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes...
Automattic: Stored XSS in www.learnboost.com via ZIP codes.
Summary --- www.learnboost.com is vulnerable to stored XSS via ZIP codes stored alongside school names in the Network panel. Browsers Verified In --- Mozilla Firefox 58.0b12 64-bit PoC --- Visit https://www.learnboost.com/settings/network/search and search for fro. My entry will trigger the XSS...