Invoker - Penetration Testing Utility

Penetration testing utility. The goal is to use this tool when access to some Windows OS features through GUI is restricted. Some features require administrative privileges. Capabilities: invoke the Command Prompt and PowerShell, download a file, schedule a task, add a registry key, connect to a...

Improper access control

In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper access control since the the version 1.5.0.0 for legacy controllers. - admin-dev/index.php/configure/shop/customer-preferences/ - admin-dev/index.php/improve/international/translations/ -...

CVE-2020-5279

PrestaShop vulnerability CVE-2020-5279 affects versions 1.5.0.0 through 1.7.6.5, due to improper access control in legacy controllers exposed via several admin paths (for example admin-dev/index.php/configure/shop/customer-preferences/ and related international/translation/geolocation/localizatio...

Denial Of Service (DoS)

The kernel packages is vulnerable to denial of service DoS.It was found that an mmap call with the MAPPRIVATE flag on "/dev/zero" would create transparent hugepages and trigger a certain robustness check. A local, unprivileged user could use this flaw to cause a denial of service...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A deficiency was found in the libATA implementation. This could, potentially, lead to a denial of service. By default, the /dev/sg devices are accessible only to the root user...

Imgur: Sourcemaps and Unminified Source Code Exposed on Pages

Hello, I'm not sure if this was actually meant to be made public on purpose, but I was looking through some of the sources that were loaded and found out the following: https://imgur.com/ - See ██████ s.imgur.com - desktop-assets - js contains multiple minified JS files as one would usually expec...

CVE-2017-18688

An issue was discovered on Samsung mobile devices with L5.1, M6.0, and N7.0 software. There is an information disclosure of memory locations outside a buffer via /dev/dsmctrldev. The Samsung ID is SVE-2016-7340 January 2017...

CVE-2017-18688

CVE-2017-18688 affects Samsung mobile devices running L(5.1), M(6.0), and N(7.0). The issue is an information disclosure through reading memory locations outside a buffer via the device node /dev/dsm_ctrl_dev. Connected Red Hat/other records repeat this description and map it to Samsung ID SVE-20...

CVE-2018-7191

A flaw was found in the Linux kernel's implementation of networking tunnel device ioctl. A local attacker can cause a denial of service NULL pointer dereference and panic via an ioctl TUNSETIFF call with a dev name containing a / character...

Xfig fig2dev Input Validation Error Vulnerability

Xfig fig2dev is a tool for printing and exporting .fig format files. An input validation error vulnerability exists in the 'makearrow' function of the arrow.c file in Xfig fig2dev version 3.2.7b. The vulnerability stems from a networked system or product that does not properly validate input data...

Unspecified vulnerability in openITCOCKPIT

openITCOCKPIT is a set of open source system monitoring tools . openITCOCKPIT 3.7.2 and earlier versions of a security vulnerability , an attacker can be exploited by placing in the HTTP Host header with 'dev' or 'staging' host name configuration self::DEVELOPMENT or self::STAGING option...

GLSA-202003-41 : GNU FriBidi: Heap-based buffer overflow

The remote host is affected by the vulnerability described in GLSA-202003-41 GNU FriBidi: Heap-based buffer overflow A heap-based buffer overflow vulnerability was found in GNU FriBidi. Impact : A remote attacker could possibly cause a memory corruption, execute arbitrary code with the privileges...

GLSA-202003-42 : libgit2: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202003-42 libgit2: Multiple vulnerabilities Multiple vulnerabilities have been discovered in libgit2. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly overwrite arbitrary paths,...

GNU FriBidi: Heap-based buffer overflow

Background The Free Implementation of the Unicode Bidirectional Algorithm. Description A heap-based buffer overflow vulnerability was found in GNU FriBidi. Impact A remote attacker could possibly cause a memory corruption, execute arbitrary code with the privileges of the process or cause a Denia...

dev-slipsafe.hybridsaas.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1100572 Security Researcher gdattacker Helped patch 162 vulnerabilities Received 3 Coordinated Disclosure badges Received 18 recommendations , a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting...

CVE Api - Parse & filter the latest CVEs from cve.mitre.org

Parse & filter the latest CVEs from https://cve.mitre.org. Docs Usage http://localhost:4000/cve?target=KEYWORD The year parameter is optional. http://localhost:4000/cve?target=KEYWORD&year=YEAR Examples http://localhost:4000/cve?target=ruby%20on%20rails...

The Linux CSPRNG Is Now Good!

Oceans of ink and hours on stage have been spent to convince the world that the best random number generator is /dev/urandom, the kernel one. And it is, and its always been. However, an uncomfortable truth was that the Linux CSPRNG really could have been better than it was. Userspace CSPRNGs...

dev-04.sites.beoptimized.nl Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1086659 Security Researcher error404 Helped patch 536 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting dev-04.sites.beoptimized.n...

Fedora 30 : xar (2020-bbd24dd0cf)

The remote Fedora 30 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2020-bbd24dd0cf advisory. - Use Apple upstream instead of non-fresh Github one - New upstream in 1.8 dev branch with 417.1 subversion - Close CVE-2018-17093 - Close...

Debian: Security Advisory (DLA-2081-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...