Starbucks: Lack of Controls Allowing for Card and PIN Enumeration Leading to Fraud

Summary: The pages https://www.starbucks.com/account/card/addcard and https://www.starbucks.com/account/card/Balance do not properly enforce security controls to limit POST requests. This bug allows attackers to successfully hijack a loaded Starbucks card and transfer all the funds into their own...

MC Documentation Creator Script - SQL Injection

MC Documentation Creator Script - SQL Injection Vulnerability: SQL Injection Web Vulnerability Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Documentation Creator Script Buy Now: http://microcode.ws/product/mc-documentation-creator-php-script/3890 Author: İhsan Şencan...

aSc Timetables 2017 - Local Buffer Overflow

aSc Timetables 2017 - Local Buffer Overflow Exploit Title: aSc Timetables 2017 input field buffer overflow and code execution Date: 2017-01-12 Exploit Author: Peter Baris Exploit code: http://saptech-erp.com.au/resources/Timetables.zip Exploit documentation:...

Fedora 25 : libpng10 (2016-a4b06a036b)

This update fixes an old NULL pointer dereference bug in pngsettext2 discovered and patched by Patrick Keshishian CVE-2016-10087. The potential 'NULL dereference' bug has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png...

Fedora 24 : libpng10 (2016-1a7e14d084)

This update fixes an old NULL pointer dereference bug in pngsettext2 discovered and patched by Patrick Keshishian CVE-2016-10087. The potential 'NULL dereference' bug has existed in libpng since version 0.71 of June 26, 1995. To be vulnerable, an application has to load a text chunk into the png...

[SECURITY] Fedora 25 Update: php-zendframework-zend-mail-2.7.2-1.fc25

Zend\Mail provides generalized functionality to compose and send both text and MIME-compliant multipart email messages. Mail can be sent with Zend\Mail via the Mail\Transport\Sendmail, Mail\Transport\Smtp or the Mail\Transport\File transport. Of course, you can also implement your own transport b...

SUSE SLED12 / SLES12 Security Update : samba (SUSE-SU-2016:3272-1)

This update for samba fixes the following issues: Security issues fixed : - CVE-2016-2125: Don't send delegated credentials to all servers. bsc1014441. - CVE-2016-2126: Denial of service due to a client triggered crash in the winbindd parent process. bsc1014442. - CVE-2016-2123: Heap-based Buffer...

CVE-2016-10081

creationtimestamp| type| source ---|---|--- 2016-12-26 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41435...

Remote Code Execution

SECURITY Critical security update for CVE-2016-10033 please update now! Thanks to Dawid Golunski. - Add ability to extract the SMTP transaction ID from some common SMTP success messages - Minor documentation tweaks...

[SECURITY] Fedora 25 Update: msgpuck-1.1.3-1.fc25

MsgPack is a binary-based efficient object serialization library. It enables to exchange structured objects between many languages like JSON. But unlike JSON, it is very fast and small. msgpuck is very lightweight header-only library designed to be embedded to your application by the C/C++...

nje-pass-brute NSE Script

z/OS JES Network Job Entry NJE 'I record' password brute forcer. After successfully negotiating an OPEN connection request, NJE requires sending, what IBM calls, an 'I record'. This initialization record may sometimes require a password. This script, provided with a valid OHOST/RHOST for the NJE...

[SECURITY] Fedora 25 Update: ntp-4.2.6p5-43.fc25

The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...

[SECURITY] Fedora 23 Update: ntp-4.2.6p5-43.fc23

The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which continuously adjusts system time and utilities used to query and configure the ntpd daemon. Perl scripts ntp-wait and ntptrace are in the ntp-perl...

NEET - Network Enumeration and Exploitation Tool

Neet is a flexible, multi-threaded tool for network penetration testing. It runs on Linux and co-ordinates the use of numerous other open-source network tools, with the aim of gathering as much network information as possible in clear, easy-to-use formats. The core scanning engine finds and...

CVE-2015-7855

creationtimestamp| type| source ---|---|--- 2016-11-28 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40840...

Metasploitable3 - An Intentionally Vulnerable Machine for Exploit Testing

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities. It is intended to be used as a target for testing exploits with metasploit . Metasploitable3 is released under a BSD-style license. See COPYING for more details. Building Metasploitable 3...

Atlassian Confluence AppFusions Doxygen 1.3.x Cross Site Scripting

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: AppFusions Doxygen for Atlassian Confluence Vendor URL: www.appfusions.com Type: Cross-site Scripting CWE-79 Date found: 2016-06-29 Date published: - CVSSv3 Score: 6.4...

Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal

Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: AppFusions Doxygen for Atlassian Confluence Vendor URL: www.appfusions.com Type: Path Traversal CWE-22 Date found:...

SOL68785753 - ImageMagick vulnerability CVE-2015-8898

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

Fedora 25 : firewalld (2016-4dedc6ec3d)

Fix CVE-2016-5410: Firewall configuration can be modified by any logged in user - firewall/server/firewalld: Make getXSettings and getLogDenied CONFIGINFO - Update AppData configuration file. - tests/firewalldrich.py: Use new import structure and FirewallClient classes - tests/firewallddirect.py:...