757 matches found
WebKit - enqueuePageshowEvent enqueuePopstateEvent Universal Cross-Site Scripting
view-frame.page; frame.tree.appendChildchildFrame-view-frame; childFrame-open; enqueuePageshowEventPageshowEventPersisted; HistoryItem historyItem = frame.loader.history.currentItem; if historyItem &&...
Microsoft Windows 7 Kernel - win32k!xxxClientLpkDrawTextEx Stack Memory Disclosure
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1182 We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 other...
login.yorkdispatch.com XSS vulnerability
Vulnerable URL: https://login.yorkdispatch.com/PPYD-GUP/password-forgot/?cancel-url="/alert/openbugbounty/...
flash-plugin: multiple code execution issues fixed in APSB17-07
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution...
UBUNTU-CVE-2017-2994
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution...
login.yorkdispatch.com XSS vulnerability
Vulnerable URL: https://login.yorkdispatch.com/PPYD-GUP-ET/authenticate/?from-state=returning-user-get-redirect%27%22--%3E%3C/Title/%3E%3C/Script/%3E%3CSvg%20/Onload=confirmOPENBUGBOUNTY%3E= Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: ...
python security, bug fix, and enhancement update
2.7.5-48.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-48 - Fix for CVE-2016-1000110 HTTPoxy attack Resolves: rhbz1359164 2.7.5-47 - Fix for CVE-2016-5636: possible integer overflow and heap corruption in zipimporter.getdata Resolves: rhbz1356364 2.7.5-46 - Drop patch 2...
Unspecified Vulnerability in Oracle E-Business Suite Oracle Email Center Component
Oracle E-Business Suite is a fully integrated set of global business management software from the US company Oracle. The software provides customer relationship management, service management, financial management, etc. Oracle Email Center is one of the e-mail respon...
Uber: private passenger information is exposed to the Uber Driver app during ride dispatch ("Ping") events
This report highlighted that the Uber Driver app did not anonymize the last name and phone number of the rider...
kensoft CMS SQL Injection Vulnerability
kensoft CMS is a content management system. A SQL injection vulnerability exists in the ft parameter of the dispatch.php page of kensoft Cms, which can be exploited by attackers to obtain sensitive information...
Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion
------------------------------------------------------------------------------- Concrete5 installed 329. $response = $this-getEarlyDispatchResponse; 330. 331. if !isset$response 332. $collection = Route::getList; 333. $context = new \Symfony\Component\Routing\RequestContext; 334...
Concrete5 CMS 5.7.3.1 - Application::dispatch Method Local File Inclusion
------------------------------------------------------------------------------- Concrete5 installed 329. $response = $this-getEarlyDispatchResponse; 330. 331. if !isset$response 332. $collection = Route::getList; 333...
Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion
Exploit for php platform in category web applications ------------------------------------------------------------------------------- Concrete5 installed 329. $response = $this-getEarlyDispatchResponse; 330. 331. if !isset$response 332. $collection = Route::getList; 333. $context = new...
Mac OS X 10.9.5 or later < 10.11.1 Multiple Vulnerabilities
Apple iOS < 9.1 Multiple Vulnerabilities
Apple Safari Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Microsoft Edge Security Mechanism Bypass Vulnerability
Microsoft Edge is a web browser developed by Microsoft (USA) and is the default browser that comes with the Windows 10 operating system. A security mechanism bypass vulnerability exists because Microsoft Edge mishandles exceptions during window-message dispatch operations, allowing remote attackers to...
Security feature bypass
Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."...
CVE-2016-0080
Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."...
brainerddispatch.com XSS vulnerability
Vulnerable URL: http://www.brainerddispatch.com/marketplaceoffers/category/Home%20Improvement%3Cimg%20src=x%20onerror=alert%28'XSSPOSED'%29%3E/ Details: Patched: Yes, at 27.03.2016; Latest check for patch: 27.03.2016 22:27 GMT; Vulnerability type: XSS Vulnerability...