72 matches found
CVE-2019-13263
D-Link DIR-825AC G1 (and related DIR-882 family) devices are affected by insufficient isolation between host and guest networks. The vulnerability arises when a DHCP Request with a Transaction ID causes the router to reply with an ACK/NAK, and the NAK can be sent to both Host and Guest networks u...
What stealthy attacks are hiding in API data — and why do most WAF miss them?!
What stealthy attacks are hiding in API data — and why do most WAF miss them?! API Data: What is it and how is it saying it? APIs are the blood flow of today’s applications — from online browser-based apps to mobile apps to sophisticated distributed enterprise applications connecting dozens of...
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
The Pallets Project Flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. Th...
PYSEC-2018-66
The Pallets Project Flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. Th...
UBUNTU-CVE-2018-1000656
The Pallets Project Flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable when an attacker provides JSON data in an incorrect encoding. Th...
Universal Radio Hacker - Investigate Wireless Protocols Like A Boss
The Universal Radio Hacker is software for investigating unknown wireless protocols. Features include: hardware interfaces for common Software Defined Radios; easy demodulation of signals; assigning participants to keep an overview of your data; customizable decodings to crack even sophisticated...
JavaScript Data Encoding Evasion
An attacker might use various evasion techniques to evade detection by IPS devices...
VirtualDJ-ProHome-7.3
Exploit Author: Alexandro Sánchez Bach (functionmixer.blogspot.com) Vendor Homepage: http://www.virtualdj.com/ Software Link: http://www.filehippo.com/en/downloadvirtualdj/14361/ Version: VirtualDJ Pro/Home 7.3 def encodeData(decoder, data, validValues): assert data.find("\0") == -1, "Shellcode must be...
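Stored XSS in the latest version of ThinkSNS
Brief description: Insufficiently strict filtering leads to XSS; XSS was tested successfully on the latest version. Details: POC: Create a post in Weiba (the micro-forum) with the content xss PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+ which corresponds to the base64 encoding of alert(document.cookie). firefox: Also attached is a bypass for IE: the code filters javascript:, but in IE this can be bypassed with a line break. The figure below shows the snippet that filters sensitive characters: The following statement can be used for the bypass. It cannot be written directly into the post body, otherwise it will be escaped, so the request has to be sent with a tool such as burp: test Result: Proof of vulnerability: When a user views the post, the XSS is triggered...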
74CMS talent system v3.2 injection & full version pass rounded out the background-bug warning-the black bar safety net
Because a site neighbouring my target also ran this system and I had no other starting point, I downloaded the source code to read. The program's filtering is still relatively complete, but all versions use GBK encoding, which is its flaw; basically, when strings are written into the database, the author used iconv to...
Diving into the Matrix: Analysis of QR Code Structure and Recognition Methods
In the modern world, information can be presented in the most bizarre forms. The reasons for this vary and do not always have a steganographic background. "Homo sapiens" has literally acquired a "third eye": the mobile phone has become an indispensable attribute of each of us. And what exactly, with its...
CVE-2007-5793
CVE-2007-5793 affects Stonesoft StoneGate IPS before 4.0, where the product fails to properly decode Fullwidth/Halfwidth Unicode encoded data. This vulnerability could allow remote attackers to scan or penetrate systems and avoid detection, per the NVD description. No explicit exploit details or ...