734 matches found
Poodle SSLv3 Vulnerability
github.com/jaytaylor/shipbuilder is vulnerable to the poodle SSLv3 vulnerability. It does not disable the use of SSL 3.0 by using proper setting in haproxy configuration...
Denial Of Service (DoS)
github.com/hlandau/acme is vulnerable to denial of service DoS attacks. A malicious user can have multiple clients connect to the redirector system and crash it because the redirector does not have a timeout...
HTTP Header Injection
net/textproto in github.com/golang/go is vulnerable to HTTP header injection attacks. These attacks are possible because it treats spaces as hyphens. This leaves net/textproto vulnerable to request smuggling...
Denial Of Service (DoS)
github.com/kubernetes/kubernetes is vulnerable to denial of service attacks. These attacks can be triggered by invalid JSON data. The invalid JSON data causes github.com/kubernetes/kubernetes to panic and cause a nil pointer dereference causing the master process to crash. This is related to...
Directory Traversal
github.com/appc/docker2aci is vulnerable to directory traversal vulnerabilities. The attacks can be conducted by including .. dot dot in the embedded layer data in an image and allows attackers to write to arbitrary files...
CVE-2016-2562
The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate...
Huawei HG253s V2 Information Disclosure
Huawei HG253s v2 Vodafone-Spain is starting to rent a new Huawei HG253v2 router to the spanish costumers. This new router is coming with a new firmware version. This bug has been found by @VicenDominguez Vulnerability Basically, it is not validating the session cookie in some administration...
XSS vulnerability in login redirect param
Security advisory: XSS vulnerability in login redirect param ScnSocialAuth version 1.15.2 has been released and includes a security for this vulnerability. Fix has been applied in 4a00966 Affected versions All versions below 1.15.2 are affected. dev-master is fixed starting from 4a00966 Exploits...
MS13-097 Registry Symlink IE Sandbox Escape
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class Metasploit3...
znc "CWebAdminMod::ChanPage()"空指针引用漏洞
ZNC是一款IRC代理。 ZNC "CWebAdminMod::ChanPage"函数modules/webadmin.cpp存在空指针引用错误,允许攻击者利用漏洞使应用程序崩溃。 0 ZNC 1.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: https://github.com/znc/znc/issues/528...
AneCMS v. 2e2c583 local file containing the defect and repair-vulnerability warning-the black bar safety net
Title: AneCMS v. 2e2c583 LFI exploit Author Author: I2sec-PJH Software development website: https://github.com/AneGroup/AneCMS Affected version: v. 2e2c583 Overview source of index. php page the presence of defects Code analysis is as follows 1. ifisset$GET'p' 2. include './ pages/'.$ GET'p'.'...
Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Advisory ID: INFOSERVE-ADV2011-03 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected Vendor URL: http://www.dolibarr.org/ Vendo...
FreePBX 2.5.1 - SQL Injection
FreePBX 2.5.1 - SQL Injection Advisory Name: SQL injection in FreePBX 2.5.1 Internal Cybsec Advisory Id: 2010-0103 Vulnerability Class: SQL injection Release Date: 15/01/2010 Affected Applications: Confirmed in FreePBX 2.5.1. Other versions may also be affected. Affected Platforms: Any running...
Unfixed XSS vulnerability at github.com
Security researcher kInGoFcHaOs, has submitted on 22/07/2008 a cross-site-scripting XSS vulnerability affecting github.com, which at the time of submission ranked 136754 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/11/2008. It is currentl...