17 matches found
EUVD-2022-54773
In the Linux kernel, the following vulnerability has been resolved: bonding: fix missed rcu protection When removing the rcu_read_lock in bond_ethtool_get_ts_info() as discussed [1], I didn't notice it could be called via setsockopt, which doesn't hold rcu lock, as syzbot pointed: stack backtrace: CPU: 0...
GHSA-JCXM-7WVP-G6P5 Modified package published to npm, containing malware that exfiltrates private key material
Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from...
zero-day
Zero-Day Vulnerabilities in Open-Source Projects This reposi...
bramah.co.uk Cross Site Scripting vulnerability OBB-3810964
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Google aims to reduce data theft with app data and account deletions
Google has made multiple security improvements to the general operation of apps over the last 12 months or so. It's now a little easier to understand what apps want from you. Labels which indicate a level of trustworthiness for developers. Changes made to ensure old, abandoned apps will no longer...
GOM Player 2.3.10.5266 - .fpx Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: GOM Player 2.3.10.5266 - Remote heap corruption .fpx Date: 2017-02-15 Exploit Author: Peter Baris Exploit link: http://www.saptech-erp.com.au/resources/PoC.zip Software Link: http://player.gomlab.com/download.gom?language=eng CVE:...
Pilot CMS Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
CMS Pylot suffers from cross site request forgery and cross site scripting vulnerabilities. These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in CMS Pylot ("Пилот" in Russian). It's a Ukrainian commercial CMS from Delta-X. ------------------------- Affected products:...
D-Link DAP-1360 Abuse / Cross Site Request Forgery
Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This mod...
OpenDocMan 1.2.6.5 - Persistent XSS Vulnerability
No description provided by source. Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link:...
Android Malware Found Exploiting Google Cloud Messaging Service
Researchers have discovered a number of malicious Android apps are using Google’s Cloud Messaging service and leveraging it as a command and control server to carry out attacks. A post on Securelist today by Kaspersky Lab’s Roman Unuchek breaks down five Trojans that have been spotted checking i...
Wordpress Usernoise Plugin 3.7.8 - Persistent XSS Vulnerability
Exploit for php platform in category web applications Details ============================= Application: Usernoise http://usernoise.karevn.com/ Version: 3.7.8 probably earlier versions as well Type: Wordpress plugin Developer: Nikolay Karev http://karevn.com/ - http://profiles.wordpress.org/karev...
OpenDocMan 1.2.6.5 Cross Site Scripting
Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link: http://sourceforge.net/projects/opendocman/files/opendocman/1.2.6.5/opendocman-1.2.6.5.zip/download Version...
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link:...
phpWebSite vulnerable to cross-site scripting
Overview phpWebSite contains a cross-site scripting vulnerability. phpWebSite is a content management system (CMS). phpWebSite contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
[ONSEC-09-010] Undersky CMS SQL injection
ONSEC-09-010 Undersky CMS SQL injection Target: Undersky CMS http://www.undersky.ru Type: SQL injection Threat: High Discovery date: 03.07.2009 Developer notification date: 03.07.2009 Fix release date: 05.07.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описани...
siol-overflow.txt
========================================================================= SiOL komunikator IM ActiveX stack overflow condition ========================================================================= Release date: 30.7.2008 Severity: Moderately critical Impact: Stack overflow Remote: Yes Status:...
serendipityPoC.txt
Serendipity 0.7-beta1 SQL Injection Proof of Concept By aCiDBiTS [email protected] 13-September-2004 "Serendipity http://www.s9y.org/ is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source BSD License." There is no user input sanitation for...