6367 matches found
CVE-2019-0376
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...
CVE-2019-0369
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability...
logrotten 3.15.1 - Privilege Escalation
logrotten 3.15.1 - Privilege Escalation Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all version...
LabCollector 5.423 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author:...
What Is the DoD’s New Cybersecurity Maturity Model Certification, and What Does It Mean for Defense Contractors?
Citing the threat of compromise of Controlled Unclassified Information CUI within the defense industrial base DIB, along with the high cost of cyber breaches in general, the Office of the Assistant Secretary of Defense for Acquisition has initiated a program for rating the cybersecurity maturity ...
Code injection
mintinstall aka Software Manager 7.9.9 for Linux Mint allows code execution if a REVIEWSCACHE file is controlled by an attacker, because an unpickle occurs. This is resolved in 8.0.0 and backports...
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads Exploit
VULNERABILITY DETAILS void DocumentWriter::replaceDocumentconst String& source, Document ownerDocument ... beginmframe-document-url, true, ownerDocument; // 1 // begin might fire an unload event, which will result in a situation where no new document has been attached, // and the old document has...
Thousands of Windows PCs infected by Nodersok/Divergent fileless malware
By Sudais A new fileless malware is on the rise which converts computers into bots that can be controlled by hackers remotely. This is a post from HackRead.com Read the original post: Thousands of Windows PCs infected by Nodersok/Divergent fileless malware...
CVE-2019-9402
CVE-2019-9402 affects Android 10 Bluetooth: a missing bounds check in the Bluetooth stack can cause remote denial of service with no privileges and no user interaction. The vulnerability is triggered via network access, resulting in a DoS affecting availability (high in CVSS3). Exploitation detai...
ALPINE-CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with...
macOS 18.7.0 Kernel - Local Privilege Escalation
macOS-Kernel-Exploit DISCLAIMER You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it's not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild exploitation but still helpful for security...
3S-Smart Software Solutions GmbH CODESYS V3 Products Containing a CODESYS Communication Server
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: 3S-Smart Software Solutions GmbH Equipment: CODESYS V3 products containing a CODESYS communication server Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this...
PYSEC-2019-236
An issue was discovered in py-lmdb 0.97. For certain values of mdflags, mdbnodeadd does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker...
DEBIAN-CVE-2019-16159
BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdow...
CVE-2019-13020
The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content...
xterm.js: Mishandling of special characters allows for remote code execution
It was found that xterm.js does not sanitize terminal escape sequences in browser terminals allowing for execution of arbitrary commands. An attacker could exploit this by convincing a user with a xterm.js browser terminal to display an escape sequence by, for example, reading a from a log file...
Privilege Escalation
procps-ng is vulnerable to privilege escalation. The top utility is run with HOME unset in an attacker-controlled directory, the attacker can exploit one of several vulnerabilities in the configfile to escalate the privileges...
CVE-2019-10389
A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...
redis: Stack buffer overflow in HyperLogLog triggered by malicious client
A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By corrupting a HyperLogLog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer...
procps: Local privilege escalation in top
If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of...