Lucene search

128 matches found

Openbugbounty
added 2021/09/09 9:22 a.m., 44 views

en.thinkexist.com Cross Site Scripting vulnerability OBB-2136440

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits: 0
Huntr
added 2021/09/01 6:0 p.m., 19 views

Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte

✍️ Description: Reflected XSS on any POST parameters with a correct token on /admin/settings.php. When field is not in the defined list, $debug value is set to true, and the $POST is dumped without filtering. 🕵️‍♂️ Proof of Concept: 1. Login as admin 2. Settings - Flush log 3. replace field with XSS...

CVSS 4.3, AI score 0.1, EPSS 0.00532
Exploits: 1
OSV
added 2021/08/12 12:0 a.m., 0 views

UBUNTU-CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

CVSS 6.5, AI score 6.9, EPSS 0.01425
Exploits: 0, References: 3
OSV
added 2021/07/08 7:15 p.m., 4 views

CVE-2021-1562

A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can...

CVSS 4.3, AI score 5.9, EPSS 0.00873
Exploits: 0, References: 1
Kitploit
added 2021/06/29 9:30 p.m., 29 views

S3-Account-Search - S3 Account Search

This tool lets you find the account id an S3 bucket belongs to. For this to work you need to have at least one of these permissions: Permission to download a known file from the bucket s3:getObject. Permission to list the contents of the bucket s3:ListBucket. Additionally, you will need a role...

AI score 7.2
Exploits: 0, References: 1
Metasploit
added 2020/06/21 8:41 p.m., 12 views

Brocade Configuration Importer

This module imports a Brocade device configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Brocade Configuration Importer', 'Description' = %q This module imports a Brocade device...

Exploits: 0
Oracle linux
added 2020/05/05 12:0 a.m., 33 views

haproxy security, bug fix, and enhancement update

1.8.23-3 - Fix hapack zero byte input causing overwrite CVE-2020-11100, 1819519 1.8.23-2 - Consider exist status 143 as success 1778844 1.8.23-1 - Update to 1.8.23 1774745...

CVSS 9.8, AI score 1.4, EPSS 0.60727
Exploits: 1
Github Security Blog
added 2018/12/20 10:2 p.m., 30 views

exist-db:exist-core XML External Entity (XXE) vulnerability

exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...

CVSS 10, AI score 3.9, EPSS 0.01879
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2018/12/20 10:2 p.m., 17 views

GHSA-JXM5-5XCW-H57Q exist-db:exist-core XML External Entity (XXE) vulnerability

exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...

CVSS 10, AI score 9.4, EPSS 0.01879
Exploits: 0, References: 9
Prion
added 2018/12/20 3:29 p.m., 13 views

Xxe

exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...

CVSS 7.5, AI score 9.4, EPSS 0.01879
Exploits: 0, References: 2, Affected Software: 1
Kaspersky
added 2018/10/09 12:0 a.m., 25 views

KLA11888 Multiple vulnerabilities in Microsoft SQL Server

Information disclosure vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2018-8527 CVE-2018-8532 CVE-2018-8533 Exploitation Public exploits exist for this vulnerability. Related products...

CVSS 5.5, AI score 5.8, EPSS 0.23373
Exploits: 15, References: 5
Tenable Nessus
added 2018/01/17 12:0 a.m., 18 views

Fedora 27 : php (2018-d034538627)

PHP version 7.1.13 04 Jan 2018 Core: - Fixed bug php75573 Segmentation fault in 7.1.12 and 7.0.26. Laruence - Fixed bug php75384 PHP seems incompatible with OneDrive files on demand. Anatol - Fixed bug php74862 Unable to clone instance when private clone defined. Daniel Ciochiu - Fixed bug php750...

AI score 5.8
Exploits: 0, References: 1
Kaspersky
added 2018/01/09 12:0 a.m., 486 views

KLA11170 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Elevation of privilege vulnerabilities in...

CVSS 9.3, AI score 9.8, EPSS 0.95182
Exploits: 7, References: 61
Kaspersky
added 2017/07/18 12:0 a.m., 82 views

KLA11074 Multiple vulnerabilities in Oracle VM VirtualBox

Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to cause a denial of service, read and write accessible data and possibly to obtain sensitive information. Below is a complete list of vulnerabilities: 1. Multiple...

CVSS 8.8, AI score 7.5, EPSS 0.01643
Exploits: 7, References: 3
Kaspersky
added 2017/04/11 12:0 a.m., 58 views

KLA11058 Multiple vulnerabilities in Microsoft Edge and Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions and obtain sensitive information. Below is a complete list of...

CVSS 8.8, AI score 8.1, EPSS 0.45648
Exploits: 2, References: 27
Hacker One
added 2015/10/07 6:58 a.m., 34 views

HackerOne: HackerOne Private Programs users disclosure and de-anonymous-ize

Hi HackerOne Team, I have found a bug in the HackerOne Platform that allows any attacker to de-anonymize any security researcher using the platform, and the wildest usage is to disclose some information about this security researcher if he is invited to a private program or not. Unfortunately HackerOne...

AI score 0.2
Exploits: 0
Positive Technologies
added 2014/05/14 12:0 a.m., 3 views

PT-2014-4860 · Python +2

Name of the Vulnerable Software and Affected Versions: Python versions 3.2 through 3.5 Description: A race condition exists in the _get_masked_mode function in Lib/os.py, which can be exploited by local users to bypass intended file permissions. This issue arises when exist_ok is set to true and...

CVSS 10, AI score 6.4, EPSS 0.77901
Exploits: 58, References: 223
Kaspersky
added 2014/03/07 12:0 a.m., 41 views

KLA10588 Multiple vulnerabilities in Wireshark

Buffer overflow vulnerabilities were found in Wireshark. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed packet trace. Original advisories WNPA advisory Exploitation...

CVSS 9.3, AI score 8.3, EPSS 0.47143
Exploits: 6, References: 3
seebug.org
added 2014/01/06 12:0 a.m., 14 views

Seagate BlackArmor privilege escalation vulnerability

No description provided by source. ?php Seagate Black Armor Exploit by J. Diel [email protected] Public Release v0.2 abstract class MD5Decryptor abstract public function probe$hash; public static function plain$hash, $class = NULL if $class === NULL $class = getcalledclass; else $class =...

AI score 7.1
Exploits: 0
Kaspersky
added 2013/08/09 12:0 a.m., 38 views

KLA10078 DoS vulnerability in B-e-soft Artweaver

A buffer overflow vulnerability was found in Artweaver. By exploiting this vulnerability malicious users can cause denial of service and possibly execute arbitrary code. This vulnerability can be exploited from the network at a point related to unknown applications via a specially designed AWD...

CVSS 6.8, AI score 7.9, EPSS 0.0948
Exploits: 4, References: 3