28 matches found
EUVD-2012-5417
Malware in sbrugna...
Fraud Ring Launders Money Via Fake Charity Donations
A money-laundering fraud ring is targeting donation sites, taking advantage of the outpouring of charity sparked by the global pandemic. Dubbed Cart Crasher by the Sift security firm, the fraud ring leverages guest checkout options on donation sites to steal money and launder stolen payment cards...
Fedora 30 : opendmarc (2019-24b3f84f6e)
This update provides the final 1.3.2 release; previously the package was 1.3.2 beta. It also includes the previously-omitted database schema directory resolving 1415753 and rddmarc tools, and backports proposed fixes for a crasher bug and security issue (CVE-2019-16378) from upstream submissions. No...
Fedora 29 : opendmarc (2019-e1f0417a24)
This update provides the final 1.3.2 release; previously the package was 1.3.2 beta. It also includes the previously-omitted database schema directory resolving 1415753 and rddmarc tools, and backports proposed fixes for a crasher bug and security issue (CVE-2019-16378) from upstream submissions. No...
citecodecrashers Pic-A-Point 1.1 - Consignment SQL Injection
citecodecrashers Pic-A-Point 1.1 - Consignment SQL Injection Exploit Title: citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection Author: Cakes Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/citecodecrashers/Pic-A-Point Software Link:...
Crasher - MMORPG - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Crasher - MMORPG published at the 'play' market has multiple vulnerabilities...
Recommended update for chromium (important)
Chromium was updated to 53.0.2785.113 to fix a number of security issues and bugs. The following vulnerabilities were fixed: - CVE-2016-5170: Use after free in Blink - CVE-2016-5171: Use after free in Blink - CVE-2016-5172: Arbitrary Memory Read in v8 - CVE-2016-5173: Extension resource access -...
Fedora 22 : conntrack-tools-1.4.2-9.fc22 (2015-1aee5e6f0b)
Addresses a crasher (CVE-2015-6496) and various leaks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
HackerOne: Markdown code block sequence makes report unreadable
Proof of Concept: Submitting a report/comment with an input like the following "Three backticks followed by a newline followed by -ddd/d" will cause the report to be unreadable. I think it's because the parser is crashing? The attached file includes the input that I'm trying with difficulty to...
HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
No description provided by source. $Id: hpnnmovwebsnmpsrvmain.rb 12097 2011-03-23 15:45:48Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Debian DSA-2121-1 : typo3-src - several vulnerabilities
Several remote vulnerabilities have been discovered in TYPO3. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-3714 Multiple remote file disclosure vulnerabilities in the jumpUrl mechanism and the Extension Manager allowed attackers to read files wit...
[SECURITY] [DSA 2121-1] New TYPO3 packages fix several vulnerabilities
Debian Security Advisory DSA-2121-1 [email protected] http://www.debian.org/security/ Florian Weimer October 19, 2010 http://www.debian.org/security/faq -...
vBulletin Cyb - Advanced Forum Statistics Denial Of Service
Exploit Title: vBulletin "Cyb - Advanced Forum Statistics" DOS Date: 10-4-2010 Author: Andhra Hackers Software Link: Version: Web Application Tested on: Apache/Unix CVE : if exists Code : PHP crashes existed from a long time back and there were several issues which were a reason for that. 1PHP pa...
Fedora Core 12 FEDORA-2009-12950 (gtk2)
The remote host is missing an update to gtk2 announced via advisory FEDORA-2009-12950. OpenVAS Vulnerability Test $Id: fcore200912950.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12950 (gtk2) Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Sof...
Fedora 12 : gtk2-2.18.5-3.fc12 (2009-12950)
This update fixes a crasher issue in gtk2 involving out of process windows. Side effects of the bug are sporadic panel crashes, and occasional crashes in gnome-screensaver when typing an invalid password. This update also addresses a crash in Inkscape when using the text tool. Note that Tenable...
CVE-2009-3569
Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable...
SuSE 11 Security Update : Evolution (SAT Patch Number 778)
camel's NTLM SASL authentication mechanism as used by evolution did not properly validate server's challenge packets. (CVE-2009-0582) This update also includes the following non-security fixes : - Fixes a critical crasher in mailer component. - Fixes creation of recurrence monthly items in GroupWis...
Fedora 10 : openswan-2.6.21-2.fc10 (2009-7423)
Mon Jul 6 2009 Avesh Agarwal - 2.6.21-2 - Openswan ASN.1 parser vulnerability CVE-2009-2185 - Mon Mar 30 2009 Avesh Agarwal - 2.6.21-1 - new upstream release - Fix for CVE-2009-0790 DPD crasher - Fix remaining SADBEXTMAX - KSADBEXTMAX entries - Fix ipsec setup --status not showing amount of...
CVE-2009-1301
Integer signedness error in the storeid3text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtain...
CVE-2008-4610
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718...