Markdown To Pdf Input Validation Error Vulnerability
Markdown To Pdf is a simple and hackable CLI tool from the individual developer Simon Hanisch in Germany. It is used to convert Markdown to PDF. An input validation error vulnerability exists in Markdown To Pdf, which stems from the product's use of gray-matter to parse front matter content when th...
graywalkerinteriors.com Improper Access Control vulnerability OBB-2175009
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Remote Code Execution (RCE)
Overview md-to-pdf is a CLI tool for converting Markdown files to PDF. Affected versions of this package are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content without disabling the JS engine. PoC: bash //Before running poc.js: $ cat...
What is a White Hat Hacker❓ | Ethical Hackers
Introduction White hat hackers are individuals who perform security assessments as part of a business arrangement. Although this concept is useful in many cases, it has no legal or moral implications. When contrasted with the definition of Black Hat, this absence...
ALPINE-CVE-2021-25288
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayi...
PYSEC-2021-138
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayi...
Telegram Buffer Error Vulnerability
Telegram is an instant messaging mobile application. A stack overflow vulnerability exists in the custom-derived gray_split_cubic function of the Rlottie library for Telegram Android versions prior to 7.1.0 (2090), iOS versions prior to 7.1, and macOS versions prior to 7.1. An attacker can exploit this...
UBUNTU-CVE-2021-25288
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2kugrayi...
[SECURITY] Fedora 33 Update: leptonica-1.80.0-3.fc33
The library supports many operations that are useful on document images and natural images: fundamental image processing and image analysis operations; rasterop (aka bitblt); affine transforms (scaling, translation, rotation, shear) on images of arbitrary pixel depth; projective and bilinear transforms; bina...
Denial Of Service (DoS)
Qt is vulnerable to denial of service (DoS). A buffer overflow flaw was found in the way Qt handled certain gray-scale image files. If a user loaded a specially-crafted gray-scale image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrar...
This Week in Security News: Gray Alerts and Wormable Malware
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the new wormable malware that's dropping a Monero miner on web servers, networks and removable drives. Also, read about the bes...
Gray Day: My Undercover Mission To Expose America’s First Cyber Spy
Who is Eric O'Neill? Eric O'Neill serves as Carbon Black's national security strategist, where he is a thought leader on a wide range of issues including counterterrorism and national security matters. Prior to this, he was an operative for the FBI, where he conducted national security field...
OpenSSH 7.6p1 SCP Client - Multiple Vulnerabilities (SSHtranger Things) Exploit
Exploit Title: SSHtranger Things Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111, CVE-2019-6110 ''' Title: SSHtranger Things Author: Mark E. Haase Homepage:...
deborahgraydesign.com XSS vulnerability
Open Bug Bounty ID: OBB-694829

| Description | Value |
|---|---|
| Affected Website: | deborahgraydesign.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | hidden until disclosure |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | ... |
ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1275 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)
org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1275 Source advisory: OSV:GHSA-3RMV-2PG5-XVQJ...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (=3.4.0), ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base (>=3.1.0 <=3.4.0) +463 more potentially affected by CVE-2018-1270 via org.springframework:spring-messaging (>=5.0.0.RELEASE <=5.0.4.RELEASE)
org.springframework:spring-messaging MAVEN version =5.0.0.RELEASE, =3.1.0, =0.2.0, =B.0.0.1, =B.0.0.1, =B.0.0.6 and more Source cves: CVE-2018-1270 Source advisory: OSV:GHSA-P5HG-3XM3-GCJG...
White hat, black hat, and the emergence of the gray hat: the true costs of cybercrime
This post was written by Michael Osterman of Osterman Research. Osterman Research recently completed a major survey on behalf of Malwarebytes to determine the actual cost of cybercrime to businesses. Many studies have focused on the cost of lost reputation, lost future business, and other...
gray-lightaviation.com XSS vulnerability
Open Bug Bounty ID: OBB-624647

| Description | Value |
|---|---|
| Affected Website: | gray-lightaviation.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1... |
UBUNTU-CVE-2018-11213
An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file...
grayacademy.ca XSS vulnerability
Open Bug Bounty ID: OBB-556222

| Description | Value |
|---|---|
| Affected Website: | grayacademy.ca |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Disclosure Standard: | Coordinated Disclosure base... |