
1002 matches found

Hacker One
added 2017/03/18 2:35 a.m. | 19 views

Rockstar Games: Comments Denial of Service in socialclub.rockstargames.com

In this report, the researcher was able to demonstrate a POC utilizing control character injection that disabled a chain of comments in sections of the site containing UGC, particularly Jobs and Job playlists. Although denial-of-service attacks are typically closed as Not Applicable in our progra...

AI score: 1.7
Exploits: 0

OpenVAS
added 2017/02/28 12:0 a.m. | 42 views

Apple Mac OS X Multiple Vulnerabilities-04 (Feb 2017)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.30426
Exploits: 5 | References: 1

Microsoft CVE
added 2016/09/13 7:0 a.m. | 31 views

Microsoft Browser Information Disclosure Vulnerability

An information disclosure vulnerability exists when affected Microsoft scripting engines do not properly handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website that is us...

CVSS: 6.5 | AI score: 0.9 | EPSS: 0.45407
Exploits: 1

Microsoft CVE
added 2016/04/12 7:0 a.m. | 44 views

Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer. In a web-based attack scenario, an attacker could host a website used to attempt to exploit the...

CVSS: 4.3 | AI score: 0.7 | EPSS: 0.43658
Exploits: 0

BDU FSTEC
added 2015/10/13 12:0 a.m. | 3 views

The vulnerability of the Cisco IOS operating system, which allows an intruder to trigger a service failure

The vulnerability of the Cisco IOS operating system’s IPv6 component exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to trigger a service failure using a specially crafted ND packet with the Cryptographically Generated Address CGA...

CVSS: 7.8 | AI score: 5.4 | EPSS: 0.00581
Exploits: 0 | References: 3 | Affected Software: 1

OpenVAS
added 2015/10/06 12:0 a.m. | 239 views

Oracle: Security Advisory (ELSA-2015-0674)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 7.8 | AI score: 7 | EPSS: 0.02449
Exploits: 3 | References: 2

Tenable Nessus
added 2015/10/02 12:0 a.m. | 39 views

Cisco IOS IPv6 Snooping DoS (cisco-sa-20150923-fhs)

The remote Cisco IOS device is missing vendor-supplied security patches, and is configured for IPv6 snooping. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the IPv6 Snooping feature due to missing Control Plane Protection (CPPr) protection mechanisms. An...

CVSS: 7.8 | AI score: 5.6 | EPSS: 0.00581
Exploits: 0 | References: 3

Cvelist
added 2015/09/28 1:0 a.m. | 17 views

CVE-2015-6279

The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E before 3.7.2E; 3.9S and 3.10S before 3.10.6S; 3.11S before 3.11.4S; 3.12S and 3.13S before 3.13.3...

AI score: 6.4 | EPSS: 0.00581
Exploits: 0 | References: 3

Cvelist
added 2015/08/25 5:0 p.m. | 22 views

CVE-2012-2150

xfsmetadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image...

AI score: 5.8 | EPSS: 0.01737
Exploits: 0 | References: 11

Zero Day Initiative
added 2015/04/15 12:0 a.m. | 25 views

Microsoft Internet Explorer CQuotes Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.29545
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2015/03/31 4:48 a.m. | 1 views

All in One SEO Pack information management vulnerability

Overview: All in One SEO Pack is a WordPress plugin. All in One SEO Pack automatically adds a meta tag "Meta Description" to a page using some part of its contents, and this behavior is enabled in the initial configuration. Meta Description can be added even when a page is password-protected,...

CVSS: 5 | AI score: 6.5 | EPSS: 0.0169
Exploits: 0 | References: 6

CVE
added 2014/12/19 3:0 p.m. | 50 views

CVE-2013-4442

Pwgen (Password Generator) prior to version 2.07 was vulnerable because it used weak pseudo-random numbers when /dev/urandom was unavailable, allowing context-dependent attackers to potentially guess generated passwords. Public advisories and OSV/NVD records describe fixes in pwgen-2.07 and later...

CVSS: 5 | AI score: 6.3 | EPSS: 0.00654
Exploits: 0 | References: 9 | Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

MyBloggie 2.1.2/2.1.3 BBCode IMG Tag HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17865/info MyBloggie is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

IT!CMS 0.2 menu-ed.php wndtitle Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/25129/info IT!CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Adobe ColdFusion Server <= 8.0.1 wizards/common/_authenticatewizarduser.cfm Query String XSS

No description provided by source. source: http://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 15 views

MonoChat 1.0 HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17983/info MonoChat is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script co...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

WebCalendar 1.1.6 pref.php Query String XSS

No description provided by source. source: http://www.securityfocus.com/bid/27461/info WebCalendar is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Phorum 5.0.14 Multiple Subject and Attachment HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12800/info Phorum is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

My Blog 1.63 BBCode HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16659/info My Blog is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplie...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/16002/info Beehive Forum is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...

AI score: 7.1
Exploits: 0