
911 matches found

Cvelist
added 2018/07/31 10:0 p.m. | 20 views

CVE-2016-8617

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via CURLOPT_USERNAME...

CVSS 3.3 | AI score 6.7 | EPSS 0.00085
Exploits: 0 | References: 12
AlpineLinux
added 2018/07/31 10:0 p.m. | 28 views

CVE-2016-8617

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via CURLOPT_USERNAME...

CVSS 7 | AI score 7 | EPSS 0.00085
Exploits: 0
Kitploit
added 2018/07/28 10:33 p.m. | 104 views

sRDI - Shellcode Implementation Of Reflective DLL Injection

sRDI allows for the conversion of DLL files to position independent shellcode. Functionality is accomplished via two components:
- C project which compiles a PE loader implementation RDI to shellcode
- Conversion code which attaches the DLL, RDI, and user data together with a bootstrap

This project i...

AI score 8
Exploits: 0 | References: 1
Vulnerability Lab
added 2018/06/17 12:0 a.m. | 41 views

Magento MarketPlace T1 - Bypass & Persistent Vulnerability

Document Title: Magento MarketPlace T1 - Bypass & Persistent Vulnerability
References Source: http://www.vulnerability-lab.com/getcontent.php?id=1902
Release Date: 2018-06-17
Vulnerability Laboratory ID VL-ID: ...

AI score 7.4
Exploits: 0
Fedora
added 2018/05/30 2:33 p.m. | 18 views

[SECURITY] Fedora 27 Update: nodejs-base64-url-2.2.0-1.fc27

Base64 encode, decode, escape and unescape for URL applications...

AI score 1.5
Exploits: 0
Fedora
added 2018/05/30 2:11 p.m. | 15 views

[SECURITY] Fedora 28 Update: nodejs-base64-url-2.2.0-1.fc28

Base64 encode, decode, escape and unescape for URL applications...

AI score 1.5
Exploits: 0
exploitpack
added 2018/05/18 12:0 a.m. | 15 views

Healwire Online Pharmacy 3.0 - Cross-Site Scripting Cross-Site Request Forgery

Healwire Online Pharmacy 3.0 - Cross-Site Scripting Cross-Site Request Forgery Exploit Title: Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Date: 2018-05-17 Exploit Author: L0RD Vendor Homepage:...

AI score 0.6
Exploits: 0
OSV
added 2018/03/30 8:29 a.m. | 1 views

DEBIAN-CVE-2018-9133

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions coders/tiff.c, which results in a hang tens of minutes with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file...

CVSS 6.5 | AI score 8.6 | EPSS 0.00265
Exploits: 1 | References: 1
OSV
added 2018/03/30 12:0 a.m. | 0 views

UBUNTU-CVE-2018-9133

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions coders/tiff.c, which results in a hang tens of minutes with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file...

CVSS 6.5 | AI score 6.9 | EPSS 0.00265
Exploits: 1 | References: 3
CNVD
added 2018/03/27 12:0 a.m. | 1 views

Libav 'pcm_encode_frame' function heap out-of-bounds read vulnerability

Libav formerly FFmpeg is Libav team's set of cross-platform audio and video can be recorded, converted to a solution, which includes a libavcodec encoder. A security vulnerability exists in the 'pcm_encode_frame' function in the libavcodec/pcm.c file in Libav version 12.2. A remote attacker can...

CVSS 6.5 | AI score 6.8 | EPSS 0.0065
Exploits: 0 | References: 1
exploitpack
added 2018/03/26 12:0 a.m. | 28 views

Laravel Log Viewer 0.13.0 - Local File Download

Laravel Log Viewer 0.13.0 - Local File Download Exploit Title: Laravel log viewer by rap2hpoutre local file download LFD Date: 23/02/2018 Exploit Author: Haboob Team Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1 Version: v0.12.0 and below CVE : CVE-2018-8947 1...

CVSS 5 | AI score 7.6 | EPSS 0.16169
Exploits: 5
Packet Storm
added 2018/03/26 12:0 a.m. | 67 views

Laravel Log Viewer Local File Download

Exploit Title: Laravel log viewer by rap2hpoutre local file download LFD Date: 23/02/2018 Exploit Author: Haboob Team Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1 Version: v0.12.0 and below CVE : CVE-2018-8947 1. Description Unauthorized user can access Laravel lo...

AI score 7.5 | EPSS 0.16169
Exploits: 5
OSV
added 2018/03/23 7:29 p.m. | 0 views

UBUNTU-CVE-2017-18246

The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted media file...

CVSS 6.5 | AI score 6.8 | EPSS 0.0065
Exploits: 0 | References: 3
Hacker One
added 2018/03/04 12:51 a.m. | 17 views

Node.js third-party modules: `utile` allocates uninitialized Buffers when number is passed in input

I would like to report an uninitialized Buffer allocation issue in utile. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON. Module module name: utile version: 0.3.0 npm page:...

AI score 1
Exploits: 0
0day.today
added 2018/02/20 12:0 a.m. | 88 views

Kentico CMS 11 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting Reflect Software Link: https://www.kentico.com Exploit Author: Keerati T. CVE: CVE-2018-7205 Category: webapps 1. Description Kentico is the only fully integrated ASP.NET...

CVSS 3.5 | EPSS 0.00157
Exploits: 3
Openbugbounty
added 2018/02/19 11:54 a.m. | 13 views

laztools.com XSS vulnerability

Open Bug Bounty ID: OBB-563492

Description| Value
---|---
Affected Website:| laztools.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1...

AI score 6.2
Exploits: 0
Packet Storm
added 2018/02/19 12:0 a.m. | 65 views

Kentico CMS 11 Cross Site Scripting

Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting Reflect Date: 18-02-2018 Software Link: https://www.kentico.com Exploit Author: Keerati T. CVE: CVE-2018-7205 Category: webapps 1. Description Kentico is the only fully integrated ASP.NET CMS, E-commerce, and Online Marketing...

AI score 5.8 | EPSS 0.00157
Exploits: 3
NVD
added 2018/02/06 4:29 p.m. | 10 views

CVE-2015-3619

Cross-site scripting XSS vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of firstname, lastname and company."...

CVSS 5.4 | AI score 5.3 | EPSS 0.00231
Exploits: 0 | References: 3
Cvelist
added 2018/02/06 4:0 p.m. | 10 views

CVE-2015-3619

Cross-site scripting XSS vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of firstname, lastname and company."...

AI score 5.3 | EPSS 0.00231
Exploits: 0 | References: 3
Debian
added 2018/02/04 10:37 a.m. | 27 views

[SECURITY] [DLA 1269-1] dokuwiki security update

Package : dokuwiki Version : 0.0.20120125b-2+deb7u2 CVE ID : CVE-2017-18123 Debian Bug : 889281 It was discovered that an XHR/AJAX call did not properly encode user input in the "dokuwiki" wiki platform. This resulted in a reflected file download vulnerability. For Debian 7 "Wheezy", this issue h...

CVSS 9.3 | AI score 8.6 | EPSS 0.00507
Exploits: 1