22 matches found
CVE-2025-4925
A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The...
GHSA-VPXM-CR3R-PJP9 General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches
Impact We recently underwent Penetration Testing of OpenMRS by a third-party company. Vulnerabilities were found, and fixes have been made and released. We've released security updates that include critical fixes, and so, we strongly recommend upgrading affected modules. This notice applies to al...
h1-ctf: ccc ctf
██████████ will send detailed report later Impact can get admin credentials...
matio:matio_fuzzer: Crash in H5O_dtype_decode_helper
Detailed Report: https://oss-fuzz.com/testcase?key=5198181276319744 Project: matio Fuzzing Engine: afl Fuzz Target: matiofuzzer Job Type: aflasanmatio Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x618000010fb0 Crash State: H5Odtypedecodehelper H5Odtypeshareddecode H5Oattrshareddeco...
fr.benetton.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1167650 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
wireshark/fuzzshark_ip: Heap-buffer-overflow in asn1_get_real
Project: https://code.wireshark.org/review/wireshark Detailed report: https://oss-fuzz.com/testcase?key=5683872097894400 Project: wireshark Fuzzer: libFuzzerwiresharkfuzzsharkip Fuzz target binary: fuzzsharkip Job Type: libfuzzerasanwireshark Platform Id: linux Crash Type: Heap-buffer-overflow RE...
RapidScan - The Multi-Tool Web Vulnerability Scanner
Evolution: It is quite a fuss for a pentester to perform binge-tool-scanning running security scanning tools one after the other sans automation. Unless you are a pro at automating stuff, it is a herculean task to perform binge-scan for each and every engagement. The ultimate goal of this program...
ExpressionEngine: Open Redirect in comment section
@winst0n13 discovered that the URL you are redirected to after successfully submitting a comment could be modified in certain circumstances. @winst0n13 gave a detailed report with step-by-step instructions for replicating, enabling a speedy resolution to the issue...
tidy-html5/tidy_fuzzer: Crash in GetSurrogatePair
Detailed report: https://oss-fuzz.com/testcase?key=5741081738608640 Project: tidy-html5 Fuzzer: libFuzzertidy-html5tidyfuzzer Fuzz target binary: tidyfuzzer Job Type: libfuzzerasantidy-html5 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x604000010000 Crash State: GetSurrogatePair...
ExpressionEngine: Import File Converter - local File inclusion
@lawrenceamer discovered a local file inclusion vulnerability that logged in users with access to the control panel and permission to access developer utilities may be able to exploit. @lawrenceamer gave a detailed report with step-by-step instructions for replicating and screen captures of a the...
chakra: Crash in Js::JavascriptObject::CreateKeysHelper
Detailed report: https://oss-fuzz.com/testcase?key=5612339362529280 Project: chakra Fuzzer: jsfuzzer Job Type: asanchakra Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x007fe19e6e44 Crash State: Js::JavascriptObject::CreateKeysHelper Js::JavascriptOperators::GetOwnPropertyNames...
libteken: Use-of-uninitialized-value in teken_trim_cursor_pos
Detailed report: https://oss-fuzz.com/testcase?key=6396364558696448 Project: libteken Fuzzer: libFuzzerlibtekenfuzzer Fuzz target binary: libtekenfuzzer Job Type: libfuzzermsanlibteken Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: tekentrimcursorpos...
wireshark: Heap-buffer-overflow in print_address_prefix_buf
Project: https://code.wireshark.org/review/wireshark Detailed report: https://oss-fuzz.com/testcase?key=6147014918144000 Project: wireshark Fuzzer: libFuzzerwiresharkfuzzsharkdissectorip Fuzz target binary: fuzzsharkdissectorip Job Type: libfuzzerasanwireshark Platform Id: linux Crash Type:...
libreoffice: Heap-buffer-overflow in MakePreview
Project: git://anongit.freedesktop.org/libreoffice/core Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5385827211280384 Project: libreoffice Fuzzer: libFuzzerlibreofficeepsfuzzer Fuzz target binary: epsfuzzer Job Type: libfuzzerasanlibreoffice Platform Id: linux Crash Type...
pcre2: Heap-buffer-overflow in match
Project: svn://vcs.exim.org/pcre2/code/trunk Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6584285104439296 Project: pcre2 Fuzzer: libFuzzerpcre2fuzzer Fuzz target binary: pcre2fuzzer Job Type: libfuzzerasanpcre2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1...
libass: Global-buffer-overflow in ass_strtod
Project: https://github.com/libass/libass.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=5423111939817472 Target: libass Fuzzer: libFuzzerlibassfuzzer Fuzzer binary: libassfuzzer Job Type: libfuzzerasanlibass Platform Id: linux Crash Type: Global-buffer-overflow READ 8...
pcre2: Heap-buffer-overflow in parse_regex
Project: svn://vcs.exim.org/pcre2/code/trunk Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=6544078783119360 Fuzzer: libFuzzerpcre2fuzzer Job Type: libfuzzerasanpcre2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x60300000011c Crash State:...
libchewing: Heap-buffer-overflow in _Inner_InternalSpecialSymbol
Project: https://github.com/chewing/libchewing.git Detailed report: https://clusterfuzz-external.appspot.com/testcase?key=4509892513628160 Fuzzer: libFuzzerchewingrandominitfuzzer Job Type: libfuzzerasanlibchewing Platform Id: linux Crash Type: Heap-buffer-overflow READ Crash Address:...
Mail.ru: XXE and SSRF on webmaster.mail.ru
SSRF request: POST /domain/metadata HTTP/1.1 Host: webmaster.mail.ru User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:29.0 Gecko/20100101 Firefox/29.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate...
http_vs_https_dist
This plugin analyzes the network distance between the HTTP and HTTPS ports giving a detailed report of the traversed hosts in transit to target:port. You should have root/admin privileges in order to run this plugin succesfully. Explicitly declared ports on the entered target override those...