Lucene search

6653 matches found

Openbugbounty
added 2016/10/25 3:11 p.m. | 8 views

ownagepranks.com XSS vulnerability

Vulnerable URL: http://ownagepranks.com/search?cx=006151805277892015500%3Awrsmrhu-hc=...

AI score: 6.9
Exploits: 0

Hacker One
added 2016/10/18 7:26 a.m. | 15 views

itBit Exchange: Round error issue -> produce money for free

Due to not proper transfer functionality implementation attacker can produce round error issue. In other words - "make money". Pre-requirements: - attacker has two accounts - one of it is founded Let's look closer: Start balance is : account1 XBT - 100000.00000006 account2 XBT - 0 F128514 Transfe...

AI score: 6.8
Exploits: 0

Microsoft KB
added 2016/10/11 7:0 a.m. | 91 views

Cumulative update for Windows 10: October 11, 2016

Cumulative update for Windows 10: October 11, 2016 Summary This security update includes improvements and fixes in the functionality of Windows 10. It also resolves the following vulnerabilities in Windows: 3193229 MS16-125: Security update for diagnostics hub: October 11, 2016 3193227 MS16-124:...

CVSS: 10 | AI score: 7.7 | EPSS: 0.75868
Exploits: 8

Fedora
added 2016/10/10 6:6 p.m. | 21 views

[SECURITY] Fedora 25 Update: libsemanage-2.5-8.fc25

Security-enhanced Linux is a feature of the Linux kernel and a number of utilities with enhanced security functionality designed to add mandatory access controls to Linux. The Security-enhanced Linux kernel contains new architectural components originally developed to improve th...

CVSS: 8.8 | AI score: 1.1 | EPSS: 0.00072
Exploits: 0

Openbugbounty
added 2016/10/09 6:18 a.m. | 15 views

europe.autonews.com XSS vulnerability

Vulnerable URL: http://europe.autonews.com/apps/pbcs.dll/search?q=OPENBUGBOUNTY"...

AI score: 6.9
Exploits: 0

UbuntuCve
added 2016/10/05 12:0 a.m. | 38 views

CVE-2016-7966

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign = or a space into the injected HTML, which greatly reduces the available HTML functionality...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00269
Exploits: 0 | References: 4

Openbugbounty
added 2016/10/01 8:6 p.m. | 16 views

boutiqueanglaise.com XSS vulnerability

Vulnerable URL: http://www.boutiqueanglaise.com/achat/recherche.html?motclef=Hello%3Csvg%2Fonload%3Dalert%28%2FOPENBUGBOUNTY%2F%29%3E=Rechercher

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 27.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly disclosed... |

AI score: 6.2
Exploits: 0

Citrix
added 2016/09/29 12:0 a.m. | 8 views

Smart Access Control Policy Not Working on XenApp Server

A customer was trying to launch a Citrix session and trying to copy data from the Citrix session to clipboard on their local machine. They have a smart access policy on the XenApp server to block this clipboard functionality when traffic is coming from Access Gateway Citrix Gateway:...

AI score: 6.9
Exploits: 0

Tenable Nessus
added 2016/09/27 12:0 a.m. | 25 views

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1128)

MozillaFirefox was updated to version 49.0 boo999701 - New features - Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. - Added features to Reader Mode that make it easier on the eyes and the ears - Improved video performance for users on systems that support SSE3 witho...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.04132
Exploits: 0 | References: 38

OSV
added 2016/09/26 2:59 p.m. | 3 views

CVE-2016-5395

Cross-site scripting XSS vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...

CVSS: 4.8 | AI score: 4.7 | EPSS: 0.00129
Exploits: 0 | References: 2

Packet Storm
added 2016/09/26 12:0 a.m. | 36 views

MSI NTIOLib.sys / WinIO.sys Local Privilege Escalation

Exploit Title: MSI NTIOLib.sys, WinIO.sys local privilege escalation Date: 2016-09-26 Exploit Author: ReWolf Vendor Homepage: http://www.msi.com Version: too many Tested on: Windows 10 x64 TH2, RS1 Full description: http://blog.rewolf.pl/blog/?p=1630 Exploit github repo:...

AI score: 0.6
Exploits: 0

Fedora
added 2016/09/22 12:34 a.m. | 12 views

[SECURITY] Fedora 24 Update: php-horde-Horde-Core-2.26.1-1.fc24

These classes provide the core functionality of the Horde Application Framework...

AI score: 1.1
Exploits: 0

Fedora
added 2016/09/21 8:29 p.m. | 9 views

[SECURITY] Fedora 23 Update: php-horde-Horde-Core-2.26.1-1.fc23

These classes provide the core functionality of the Horde Application Framework...

AI score: 1.1
Exploits: 0

Cvelist
added 2016/09/21 2:0 p.m. | 17 views

CVE-2016-4965

Fortinet FortiWan formerly AscernLink before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosiscontrol.php...

AI score: 8.9 | EPSS: 0.07695
Exploits: 0 | References: 4

Tenable Nessus
added 2016/09/20 12:0 a.m. | 77 views

MariaDB 10.1.0 < 10.1.17

The version of MariaDB installed on the remote host is prior to 10.1.17. It is, therefore, affected by a vulnerability as referenced in the 10.1.17 advisory. - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x...

CVSS: 10 | AI score: 7.7 | EPSS: 0.89577
Exploits: 16 | References: 2

Openbugbounty
added 2016/09/19 11:44 p.m. | 7 views

ffcc.fr XSS vulnerability

Vulnerable URL:...

AI score: 6.3
Exploits: 0

Openbugbounty
added 2016/09/19 3:8 p.m. | 11 views

arcancil.com XSS vulnerability

Vulnerable URL: http://www.arcancil.com/fr/recherche?orderby=position=descquery=%3Cimg+src%3Dx+onerror%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3Esearch=OK

Details:

| Description | Value |
|---|---|
| Patched: | No |
| Latest check for patch: | 27.07.2017 |
| Vulnerability type: | XSS |
| Vulnerability status: | Publicly... |

AI score: 6.3
Exploits: 0

Hacker One
added 2016/09/13 10:48 p.m. | 35 views

SecNews: DOM based XSS in search functionality

Overview === Search query is inserted into the HTML of the page without proper encoding. Specifically, a single-quote is not html-encoded albeit escaped, even twice, which allows the attacker to break out of the HTML attribute and inject arbitrary tags. html curl -s...

AI score: 0.2
Exploits: 0

Fedora
added 2016/09/13 6:34 p.m. | 10 views

[SECURITY] Fedora 25 Update: php-horde-Horde-Core-2.26.1-1.fc25

These classes provide the core functionality of the Horde Application Framework...

AI score: 1.1
Exploits: 0

UbuntuCve
added 2016/09/11 9:59 p.m. | 20 views

CVE-2016-3898

Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows attackers to cause a denial of service loss of locked-screen 911 TTY functionality via a crafted application that modifies the TTY mode by broadcasting an intent, aka internal bug...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00067
Exploits: 0 | References: 3