258 matches found
Cacti XSS Vulnerability - Linux
Cross-site scripting (XSS) vulnerability in link.php in Cacti allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be...
Mautic <= 1.4.1 Multiple CSRF Vulnerabilities
Mautic is prone to multiple cross-site request forgery (CSRF) vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-9527
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file...
shopify-scripts: Heap Overflow in fiber_switch triggered from Fiber.transfer
It appears as if my recommendations were ignored in the GitHub issue, so I've repeated the issue here. PoC Fiber.new.transfer 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0 Explanation The cause of this is th...
shopify-scripts: Invalid Pointer reference in L_RESCUE
@ssarong reported an input that triggers an out-of-bounds read: https://github.com/mruby/mruby/issues/3603 This issue was addressed upstream in https://github.com/mruby/mruby/commit/761493934e19d1a6edea53e9fbdb39eb78ef898e...
shopify-scripts: Garbage collector crash
This github issue-tt != MRBTTFREE' failed. Aborted The issue was reintroduced in ecee8c51b0ad8cddd9e422a3e5105f902d7e2781 and is still present in 051e40c0493f2de332f5439e3230c9fe6958bf1a. The issue is fixed by reverting ecee8c51b0ad8cddd9e422a3e5105f902d7e2781. Thank you, Dinko Galetic Denis Kasa...
Arbitrary Code Injection
Overview mobile-icon-resizer resizes large images for use as icons for iOS and Android. mobile-icon-resizer has a code execution vulnerability in versions before 0.4.3. mobile-icon-resizer takes an options object as an argument to define the resulting icons as such: var options = config:...
shopify-scripts: mrb_vm_exec - null ptr dereference
Linux Ubuntu Xenial x64 commit ffdf7be7235717fb1cd30e54c24c5383f705f110 Author: Yukihiro "Matz" Matsumoto Date: Thu Mar 2 20:38:16 2017 +0900 Probably related with https://github.com/mruby/mruby/issues/3389 Old PoC 0.instanceeval super New PoC p.instanceeval super 1 ++1 output...
CVE-2016-6161
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image...
Monstra CMS 3.0.3 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Monstra CMS 3.0.3 - Privilege Escalation / Remote Password Change Google Dork: intext:"Powered by Monstra"/users/registration Date: 2016-03-28 Exploit Author: Sarim Kiani Vendor Homepage: http://monstra.org Software Link:...
Authentication Bypass
Overview Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode. Recommendation Update to version 5.1.2 or later. References - Issue 111 - PR 112 - GitHub Advisory...
CVE-2015-8926
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive...
jSQL Injection v0.73 - Java Tool For Automatic SQL Database Injection
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). jSQL is part of Kali Linux, the official new BackTrack penetration distribution. jSQL is also included in Black Ha...
jsDelivr: Pretty Photo Dom XSS
Hi Team, the JavaScript for http://www.jsdelivr.com/!prettyphoto hosted on the website points to 3.1.5, which is vulnerable to DOM XSS. The upstream released an update, 3.1.6, 7 days back; still the CDN is serving the vulnerable edition, effectively making all the websites vulnerable to DOM XSS. Details about the...
Minix 3.3.0 - Remote TCPIP Stack Denial of Service
Minix 3.3.0 - Remote TCPIP Stack Denial of Service. MINIX, Nov 2014, Mexico. MINIX IS PRONE TO DENIAL OF SERVICE IN THE TCP/IP STACK /service/inet BY SENDING A SINGLE TCP PACKET WITH A MALFORMED TCP...
ArticleFR 3.0.4 SQL Injection Vulnerability
ArticleFR version 3.0.4 suffers from a remote SQL injection vulnerability. Product: ArticleFR Vendor: Free Reprintables Vulnerable Versions: 3.0.4 and probably prior Tested Version: 3.0.4 Advisory Publication: July 23, 2014 (without technical details) Vendor Notification: July 23, 2014 Public...
CVE-2013-4271
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...
Netgear WNDAP350 / WN604 Wireless Access Point Multiple Information Disclosure Vulnerabilities - Active Check
Various Netgear wireless access point devices are prone to multiple remote information disclosure issues because they fail to restrict access to sensitive information. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright ...