Lucene search

1258 matches found

OSV
added 2018/08/03 12:0 a.m. · 0 views

UBUNTU-CVE-2018-14883

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c...

7.5 CVSS · 6.8 AI score · 0.2126 EPSS
Exploits 1 · References 6

ossfuzz
added 2018/07/07 7:21 a.m. · 15 views

openvswitch/flow_extract_fuzzer: Heap-buffer-overflow in parse_icmpv6

Project: https://github.com/openvswitch/ovs.git Detailed report: https://oss-fuzz.com/testcase?key=5457710546944000 Project: openvswitch Fuzzer: libFuzzer_openvswitch_flow_extract_fuzzer Fuzz target binary: flow_extract_fuzzer Job Type: libfuzzer_asan_openvswitch Platform Id: linux Crash Type:...

6.8 AI score
Exploits 0 · Affected Software 1

Kitploit
added 2018/07/01 10:10 p.m. · 964 views

Devploit v3.6 - Information Gathering Tool

Devploit is a simple python script to Information Gathering. Download: git clone https://github.com/joker25000/Devploit How to use: cd Devploit chmod +x install ./install Run in Terminal Devploit To run in Android you do not install file Run direct python2 Devploit Properties: DNS Lookup Whois...

7.2 AI score
Exploits 0 · References 1

IBM Security Bulletins
added 2018/06/18 1:32 a.m. · 29 views

Security Bulletin: OPEN Source Apache Struts Vulnerabilities IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC (CVE-2016-4003)

Summary Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

0.2 AI score · 0.02629 EPSS
Exploits 0 · Affected Software 1

RedHat Linux
added 2018/04/29 8:12 p.m. · 1 views

source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

8.8 CVSS · 5.7 AI score · 0.01553 EPSS
Exploits 0 · References 5

RedHat Linux
added 2018/04/28 3:37 a.m. · 1 views

source-to-image: Improper path sanitization in ExtractTarStreamFromTarReader in tar/tar.go

A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x. An improper path validation of tar files in ExtractTarStreamFromTarReader in tar/tar.go leads to privilege escalation...

8.8 CVSS · 5.7 AI score · 0.01553 EPSS
Exploits 0 · References 5

RedHat Linux
added 2018/04/10 12:0 a.m. · 3 views

tcpdump: Heap buffer overflow in the EXTRACT_16BITS function

tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol...

7.5 CVSS · 7.5 AI score · 0.01076 EPSS
Exploits 0 · References 4

Kitploit
added 2018/04/04 8:44 p.m. · 11 views

Diggy - Extract Endpoints From APK Files

Diggy can extract endpoints/URLs from apk files. It saves the result into a txt file for further processing. Dependencies apktool Usage ./diggy.sh /path/to/apk/file.apk You can also install it for easier access by running install.sh After that, you will be able to run Diggy as follows: diggy...

7.2 AI score
Exploits 0 · References 1

OSV
added 2018/03/14 7:29 p.m. · 1 views

CVE-2018-8711

A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be...

9.8 CVSS · 5.8 AI score · 0.01119 EPSS
Exploits 0 · References 3

NVD
added 2018/03/14 7:29 p.m. · 8 views

CVE-2018-8711

A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be...

9.8 CVSS · 9.2 AI score · 0.01119 EPSS
Exploits 0 · References 3

Prion
added 2018/03/14 7:29 p.m. · 9 views

Input validation

A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be...

7.5 CVSS · 9 AI score · 0.01119 EPSS
Exploits 0 · References 3 · Affected Software 1

Fedora
added 2018/03/06 5:34 p.m. · 18 views

[SECURITY] Fedora 26 Update: freexl-1.0.5-1.fc26

FreeXL is a library to extract valid data from within an Excel spreadsheet .xls Design goals: simple and lightweight stable, robust and efficient easily and universally portable completely ignore any GUI-related oddity...

2.4 AI score
Exploits 0

OSV
added 2018/03/02 4:29 p.m. · 1 views

DEBIAN-CVE-2018-7648

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line...

9.8 CVSS · 7.3 AI score · 0.00562 EPSS
Exploits 0 · References 1

NVD
added 2018/01/23 4:29 p.m. · 10 views

CVE-2017-2744

The vulnerability allows attacker to extract binaries into protected file system locations in HP Support Assistant before 12.7.26.1...

5.5 CVSS · 5.4 AI score · 0.00165 EPSS
Exploits 0 · References 1

CNVD
added 2017/12/18 12:0 a.m. · 3 views

Synology DiskStation Manager Directory Traversal Vulnerability

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology. The operating system manages information such as data, files, photos, music and more. A directory traversal vulnerability exists in SYNO.FileStation.Extract in Synology DSM versions 6.0.x...

6.5 CVSS · 7 AI score · 0.00404 EPSS
Exploits 0 · References 1

OSV
added 2017/12/14 12:0 a.m. · 2 views

UBUNTU-CVE-2017-17682

In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in the function ExtractPostscript in coders/wpg.c, which allows attackers to cause a denial of service CPU exhaustion via a crafted wpg image file that triggers a ReadWPGImage call...

6.5 CVSS · 6.7 AI score · 0.01712 EPSS
Exploits 1 · References 3

CNVD
added 2017/12/12 12:0 a.m. · 1 views

Synology Router Manager Path Traversal Vulnerability

Synology Router Manager SRM is a software for configuring and managing Synology routers from Synology. A directory traversal vulnerability exists in SYNO.FileStation.Extract in versions of SRM prior to 1.1.5-6542-4. A remote attacker can exploit this vulnerability to write arbitrary files with th...

6.5 CVSS · 7.1 AI score · 0.00312 EPSS
Exploits 0 · References 1

NVD
added 2017/12/08 4:29 p.m. · 12 views

CVE-2017-15895

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology Router Manager (SRM) before 1.1.5-6542-4 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter...

6.5 CVSS · 6.3 AI score · 0.00312 EPSS
Exploits 0 · References 1

OSV
added 2017/12/08 4:29 p.m. · 2 views

CVE-2017-15893

Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology File Station before 1.1.1-0099 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter...

6.5 CVSS · 5.9 AI score
Exploits 0 · References 1

Positive Technologies
added 2017/12/08 12:0 a.m. · 2 views

PT-2017-14272 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions 6.0.x before 6.0.3-8754-3 Synology DiskStation Manager DSM versions 5.2-5967-6 and earlier Description: A directory traversal issue in the SYNO.FileStation.Extract component allows remote authenticate...

6.5 CVSS · 7.1 AI score · 0.00404 EPSS
Exploits 0 · References 4