4417 matches found
WordPress Dev-Custom-Management VerzDesign 1.0 Database Disclosure / Shell Upload
Exploit Title : WordPress Dev-Custom-Management Plugins VerzDesign 1.0 Database Backup Disclosure and Arbitrary File Upload Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 17/12/2018 Vendor Homepage : wordpress.org verzdesign.com Software Download Link : N/A Teste...
CVE-2018-19790: Open Redirect Vulnerability when using Security\Http
Affected versions Symfony 2.7.0 to 2.7.49, 2.8.0 to 2.8.48, 3.0.0 to 3.4.19, 4.0.0 to 4.0.14, 4.1.0 to 4.1.8 and 4.2.0 versions of the Symfony Form component are affected by this security issue. The issue has been fixed in Symfony 2.7.50, 2.8.49, 3.4.20, 4.0.15, 4.1.9 and 4.2.1. Note that no fixe...
Denial Of Service (DoS)
MuPDF is vulnerable to denial of service. An infinite loop in the function svg_dev_end_tile in fitz/svg-device.c allows an attacker to cause a denial of service condition...
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer Exploit
Exploit Title: Linux Kernel 4.8 Ubuntu 16.04 - Leak sctp kernel pointer Google Dork: - Date: 2018-11-20 Exploit Author: Jinbum Park Vendor Homepage: - Software Link: - Version: Linux Kernel 4.8 Ubuntu 16.04 Tested on: 4.8.0-36-generic #36~16.04.1-Ubuntu SMP Sun Feb 5 09:39:57 UTC 2017 x86_64 x86_64...
CVE-2018-19777
In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool...
Artifex MuPDF Infinite Loop Vulnerability
Artifex MuPDF is a free, lightweight PDF reader from Artifex Software. A security vulnerability exists in the 'svg_dev_end_tile' function in the fitz/svg-device.c file in Artifex MuPDF version 1.14.0. An attacker can exploit the vulnerability to cause an infinite loop...
PT-2018-15091 · Artifex · Artifex Mupdf +1
Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.14.0 Description: The issue is related to an infinite loop in the svg_dev_end_tile function, located in the fitz/svg-device.c file. This was demonstrated using the mutool utility. Recommendations: For Artifex MuPDF...
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer
Linux Kernel 4.8 Ubuntu 16.04 - Leak sctp Kernel Pointer / Exploit Title: Linux Kernel 4.8 Ubuntu 16.04 - Leak sctp kernel pointer Google Dork: - Date: 2018-11-20 Exploit Author: Jinbum Park Vendor Homepage: - Software Link: - Version: Linux Kernel 4.8 Ubuntu 16.04 Tested on: 4.8.0-36-generic...
Headless Chrome: DevOps Love It, So Do Hackers, Here’s Why
Google Chrome is the most popular web browser and has been so for almost a decade. Each new version of Chrome brings new usability, security and performance features. This article focuses on the “headless mode” feature that Google released more than a year ago; and, since day one has become very...
CVE-2018-11913
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of dev nodes may lead to potential security issue...
Input validation
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper configuration of dev nodes may lead to potential security issue...
Debian: Security Advisory (DLA-1587-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
dev.2n.cz XSS vulnerability
Open Bug Bounty ID: OBB-699229. Affected Website: dev.2n.cz. Vulnerable Application: hidden until disclosure. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: hidden until...
New Docker-based Dev Pipeline: Microservice Projects Just Got A ‘Speed-Boost’
A bulwark of software engineering projects, the development pipeline is an automated process used to deliver changes from development through to production; enabling near real-time updates. The dev pipeline is a critical time saver as it enables you to: Avoid mistakes and wasted time as a result...
Missing Origin Validation
Overview: Versions of webpack-dev-server before 3.1.10 are missing origin validation on the websocket server. This vulnerability allows a remote attacker to steal a developer's source code because the origin of requests to the websocket server that is used for Hot Module Replacement (HMR) are not...
Debian: Security Advisory (DLA-1566-1)
The remote host is missing an update for the Debian...
kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file...
openSUSE Security Update : singularity (openSUSE-2018-1223)
Singularity was updated to version 2.6.0, bringing features, bugfixes and security fixes. Security issues fixed: - CVE-2018-12021: Fixed access control on systems supporting overlay file system (boo#1100333). Highlights of 2.6.0: - Allow admin to specify a non-standard location for mksquashfs bina...
ai.dev-tools:ai-devtools (>=0.1.12 <=0.1.20), ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0) +3660 more potentially affected by CVE-2018-1257 via org.springframework:spring-core (>=5.0.0.RELEASE <=5.0.5.RELEASE)
org.springframework:spring-core MAVEN version =5.0.0.RELEASE, =0.1.12, =1.0.0, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =0.0.1, =0.0.2, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.3.RELEASE, =2.0.2.RELEASE, =2.0.3.RELEASE and more Source cves...