Test your barcode scanners: MalQR
Test your barcode scanners. MalQR is a collection of malicious QR codes and barcodes you can use to test the security of your scanners. It lets you conduct such tests with ease: you just need to have a smartphone, a tablet or a laptop with an internet connection and browse...
Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird 45.7, Firefox ESR 45....
Ubuntu 14.04 LTS / 16.04 LTS : Irssi vulnerabilities (USN-3184-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3184-1 advisory. It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's...
USN-3184-1: Irssi vulnerabilities
It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. CVE-2016-7553 Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi t...
USN-3184-1 irssi vulnerabilities
It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. CVE-2016-7553 Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi t...
Mozilla Firefox ESR 45.x < 45.7 Multiple Vulnerabilities (macOS)
The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.7. It is, therefore, affected by the following vulnerabilities: - Mozilla developers and community members Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, and Oriol...
Security vulnerabilities fixed in Firefox 51 — Mozilla
JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. Use-after-free while manipulating XSL in XSLT documents. A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potential...
Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability
Document Title: Blackboard LMS 9.1 SP14 - Profile Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1900. Release Date: 2017-01-09. Vulnerability Laboratory ID (VL-ID): ...
Get the Vehicle Information Such as the VIN from the Target Module
Post module to query DTCs, some common engine info and vehicle info. It returns such things as engine speed, coolant temp, Diagnostic Trouble Codes as well as all info stored by Mode $09 Vehicle Info, VIN, etc. This module requires Metasploit: https://metasploit.com/download Current source:...
UBUNTU-CVE-2017-5195
Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code...
Shopify: XSS on postal codes
Hi, 190951 is not fully fixed. Scripts can be injected via a csv file and make it execute in the application. Screenshots attached...
Shopify: XSS on manually entering Postal codes
Hello, I had found an XSS vulnerability in manually entering postal codes in "Advance Cash On Delivery" option which is newly launched for Indians. Below is the screenshot attached. Thank you...
NetCat 0.7.1 - Denial of Service Exploit
Exploit for linux platform in category dos / poc /usr/bin/python -- Coding: utf-8 -- GNU Netcat 0.7.1 - Out of bounds array write Access Violation by n30m1nd Date: 2016-11-19 Exploit Author: n30m1nd Vendor Homepage: http://netcat.sourceforge.net/ Software Link:...
CVE-2016-9752
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code...
Nordea Codes - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Nordea Codes published at the 'play' market has multiple vulnerabilities...
firewalld security, bug fix, and enhancement update
0.4.3.2-8 - Exclude firewallctl RHBZ1374799 0.4.3.2-7 - Tolerate ipv6rpfilter fail RHBZ1285769 - Fix setrules to copy the rule before extracting the table RHBZ1373260 - Translation update RHBZ1273296 - Conflict with NetworkManager 1:1.4.0-3.el7 RHBZ1366288 0.4.3.2-6 - Do not use exit code 254 for...
SweetRice 1.5.1 Code Execution
Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;?...
RealEstate CMS 3.00.50 - Cross Site Web Vulnerability
RealEstate CMS is a web portal script designed for realty agents, realtors or brokers to sell, buy, trade, rent and let their clients' property online. It is a web-based Content Management System integrated web application platform developed in PHP and MySQL, used by real estate...
Julian Assange is not Dead, but his Internet Connection is Cut by 'State Party'
Don't worry — Julian Assange is alive and kicking! But his Internet connection is dead. Earlier today, Wikileaks tweeted that its co-founder, Julian Assange, had his internet connection intentionally cut by an unidentified "state party." The non-profit organization said it had "activated...
Crack for Charity — GCHQ launches 'Puzzle Book' Challenge for Cryptographers
The UK's Signals Intelligence and Cyber Security agency GCHQ has launched its first ever puzzle book, challenging researchers and cryptographers to crack codes for charity. Dubbed "The GCHQ Puzzle Book," the book features more than 140 pages of codes, puzzles, and challenges created by expert cod...