
5978 matches found

Japan Vulnerability Notes
added 2016/07/20 5:56 a.m. | 3 views

Vtiger CRM does not properly restrict access to application data

Overview: Vtiger CRM is customer relationship management (CRM) software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with th...

CVSS 8.1 | AI score 6.5 | EPSS 0.02207
Exploits: 0 | References: 6
BDU FSTEC
added 2016/07/19 12:0 a.m. | 3 views

The vulnerability of the Pixman library allows an attacker to trigger a service failure (application termination) or execute arbitrary code.

The vulnerability in the create_bits function in pixman-bits-image.c in the Pixman library is due to a numerical overflow condition. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure (termination of the application) or execute arbitrary code...

CVSS 7.5 | AI score 8.1 | EPSS 0.05573
Exploits: 0 | References: 10 | Affected Software: 2
0day.today
added 2016/07/08 12:0 a.m. | 13 views

Linux/x86 - TCP Reverse Shellcode (75 bytes)

/ Linux x86 TCP Reverse Shellcode 75 bytes Author: sajith Tested on: i686 GNU/Linux Shellcode Length: 75 SLAE - 750 ------------c prog ---poc by sajith shetty---------- include include include include int mainvoid int sockfiledes; struct sockaddrin sockad; //1 create socket connection //Man page:...

AI score 7.1
Exploits: 0
CNVD
added 2016/07/08 12:0 a.m. | 2 views

Apache struts2 devMode Remote Code Execution Vulnerability

Apache Struts is an open source project maintained by the Apache Software Foundation (United States). It is an open source MVC framework for creating enterprise-class Java Web applications. Apache struts2 devMode remote code execution vulnerability, the vulnerability i...

AI score 8.5
Exploits: 0
BDU FSTEC
added 2016/07/07 12:0 a.m. | 3 views

The vulnerability of the CUPS printing server allows an attacker to modify the device configuration file or execute arbitrary code.

The vulnerability of the add_job function in the scheduler/ipp.c file of the CUPS printing server is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to modify the device configuration file remotely or execute arbitrary code using specially crafted...

CVSS 10 | AI score 7.7 | EPSS 0.29913
Exploits: 8 | References: 8 | Affected Software: 1
BDU FSTEC
added 2016/07/06 12:0 a.m. | 3 views

The vulnerability of the SeaMonkey software allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information.

A use-after-free in nsTextEditRules::CreateMozBR in Mozilla Firefox, Firefox ESR, and Thunderbird allows malicious actors operating remotely to execute arbitrary code or cause service failures (errors in handling dynamic memory)...

CVSS 10 | AI score 6 | EPSS 0.04913
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2016/07/06 12:0 a.m. | 4 views

The vulnerability in the Firefox ESR software allows a malicious individual to compromise the confidentiality, integrity, and availability of protected information.

A use-after-free in nsTextEditRules::CreateMozBR in Mozilla Firefox ESR allows malicious actors operating remotely to execute arbitrary code or cause service failures (errors in handling dynamic memory)...

CVSS 10 | AI score 7.6 | EPSS 0.04913
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2016/07/06 12:0 a.m. | 3 views

Vulnerability of Microsoft Office software, which allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information

A vulnerability that allows for remote execution of code exists in Microsoft Office and is related to the processing of certain properties of Microsoft Word files. If a user with administrative privileges accesses the system, a malicious individual can gain full control over the system. They can...

CVSS 9.3 | AI score 7.8 | EPSS 0.17458
Exploits: 0 | References: 3
BDU FSTEC
added 2016/07/05 12:0 a.m. | 4 views

The vulnerability of Google Chrome browser allows a malicious actor to trigger a service failure.

Google Chrome browser contains a vulnerability related to integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc. Exploiting this vulnerability allows malicious actors to cause service failures or other effects on th...

CVSS 7.5 | AI score 7.8 | EPSS 0.01648
Exploits: 0 | References: 2 | Affected Software: 1
Fedora
added 2016/07/02 7:34 p.m. | 51 views

[SECURITY] Fedora 23 Update: php-pecl-zip-1.13.3-1.fc23

Zip is an extension to create and read zip files...

CVSS 9.8 | AI score 1.5 | EPSS 0.57608
Exploits: 10
Metasploit
added 2016/06/20 2:40 a.m. | 51 views

SSH Key Persistence

This module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sshkey' class MetasploitModule 'SSH Key Persistence',...

AI score 0.4
Exploits: 0
Hacker One
added 2016/06/16 11:31 a.m. | 91 views

Uber: Bulk UUID enumeration via invite codes

It is possible to enumerate UUIDs via invite code. During signup, if we enter an invite code, then the create request's response contains inviteruuid. As invite codes are public, an attacker can easily enumerate UUIDs in bulk. Here is a sample request: POST /signup/clients/create HTTP/1.1 X-Uber-RedirectCount...

AI score 0.2
Exploits: 0
OSV
added 2016/06/13 1:59 a.m. | 3 views

CVE-2016-2061

Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted...

CVSS 7.8 | AI score 7.1 | EPSS 0.01143
Exploits: 0 | References: 3
OSV
added 2016/06/13 12:0 a.m. | 1 views

UBUNTU-CVE-2016-5104

The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attackers to bypass intended access restrictions and communicate with services on iOS devices by connecting to an IPv4 TCP socket...

CVSS 5.3 | AI score 6.4 | EPSS 0.03018
Exploits: 0 | References: 4
Citrix
added 2016/06/08 12:0 a.m. | 4 views

How to Create a Desktop Appliance Site in StoreFront

This article details the steps on how to create a desktop appliance site within StoreFront...

AI score 6.9
Exploits: 0
CNVD
added 2016/06/07 12:0 a.m. | 3 views

Ansible lxc_container Module Privilege Gain Vulnerability

Ansible is a computer system configuration manager from Ansible, Inc. that can be used to publish, manage and orchestrate computer systems. A security vulnerability exists in the 'create_script' function in the lxc_container module in Ansible versions prior to 1.9.6-1 and 2.x versions prior to...

CVSS 7.8 | AI score 9 | EPSS 0.00468
Exploits: 0 | References: 1
0day.today
added 2016/06/06 12:0 a.m. | 41 views

WordPress Creative Multi-Purpose 9.1.3 Theme - Persistent Cross-Site Scripting

Exploit for php platform in category web applications Vendor Homepage: http://bridge.qodeinteractive.com/ Software Link: http://themeforest.net/item/bridge-creative-multipurpose-wordpress-theme/7315054 Version: 9.1.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Stored XSS, Ability to overwrite any the...

AI score 7.1
Exploits: 0
Exploit DB
added 2016/06/06 12:0 a.m. | 38 views

WordPress Theme Creative Multi-Purpose 9.1.3 - Persistent Cross-Site Scripting

Vendor Homepage: http://bridge.qodeinteractive.com/ Software Link: http://themeforest.net/item/bridge-creative-multipurpose-wordpress-theme/7315054 Version: 9.1.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Stored XSS, Ability to overwrite any theme settings. Time line: Found 23-Apr-2016, Vendor...

AI score 7.4
Exploits: 0
OSV
added 2016/05/13 4:59 p.m. | 3 views

DEBIAN-CVE-2016-2860

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID...

CVSS 6.5 | AI score 6.9 | EPSS 0.01501
Exploits: 0 | References: 1
BDU FSTEC
added 2016/05/12 12:0 a.m. | 5 views

The vulnerability of the Firefox browser, which allows attackers to carry out UXSS attacks

The vulnerability of the WebExtension sandbox component browser/components/extensions/ext-tabs.js in the Firefox browser does not properly restrict the inheritance from API calls like chrome.tabs.create and chrome.tabs.update. Exploiting this vulnerability allows a malicious actor to perform UXSS...

CVSS 4.3 | AI score 6.7 | EPSS 0.01252
Exploits: 0 | References: 3 | Affected Software: 1