UBUNTU-CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service DoS by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

June Patch Tuesday – New Speculative Store Bypass Fixes, Adobe Vulns

June's Patch Tuesday is lighter weight compared to previous months. In all, 51 unique CVEs are addressed, with 11 CVEs marked as Critical. Adobe also released an out-of-band update for a Flash Player vulnerability last week, which is being actively exploited. Speculative Store Bypass Microsoft...

olivibra.ru XSS vulnerability

Open Bug Bounty ID: OBB-630251 Description| Value ---|--- Affected Website:| olivibra.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2016-10685

pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on...

CVE-2016-10606

grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...

CVE-2016-10602

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned...

xmlrpc security update

CentOS Errata and Security Advisory CESA-2018:1780 An update for xmlrpc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

XML External Entity (XXE)

Apache Solr is vulnerable to XML enternal entity XXE injection. The attack is possible because Solr config files are accessible through API if Xinclude is enabled. Using file/ftp/http protocols, arbitrary files from the Solr server can be exposed...

[SECURITY] Fedora 28 Update: wget-1.19.5-1.fc28

GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you are logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest wit...

Monero: epee will accept an arbitrary amount of leading line-breaks in an http request

Summary: In the epee http protocol handler, as it reads a new request, it first attempts to ignore any leading carriage-returns and line-feeds. It does not have a mechanism to give up if an inordinate number of CrLfs are encountered. Description: The pertinent block of code is here:...

CVE-2017-8154

The Themes App Honor 8 Lite Huawei mobile phones with software of versions before Prague-L31C576B172, versions before Prague-L31C530B160, versions before Prague-L31C432B180 has a man-in-the-middle MITM vulnerability due to the use of the insecure HTTP protocol for theme download. An attacker may...

Xxe

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...

CVE-2018-1308

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion XXE in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...

Web Form Sending Credentials Using GET (PCI-DSS check)

The remote web application has a form that sends credentials using an HTTP GET request. This can cause sensitive information such as usernames and passwords to be logged by the server in access logs. Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission...

UBUNTU-CVE-2018-1302

When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter...

Frontier Silicion Internet Radio Detection

This script performs HTTP based detection of a Frontier Silicion Internet Radio. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

amazoo.co.il XSS vulnerability

Open Bug Bounty ID: OBB-581863 Description| Value ---|--- Affected Website:| amazoo.co.il Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

TextPattern 4.6.2 - 'qty' SQL Injection

============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474 ============================================= I...

TextPattern 4.6.2 - qty SQL Injection Vulnerability

Exploit for php platform in category web applications ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...

[SECURITY] Fedora 27 Update: sblim-sfcb-1.4.9-9.fc27

Small Footprint CIM Broker sfcb is a CIM server conforming to the CIM Operations over HTTP protocol. It is robust, with low resource consumption and therefore specifically suited for embedded and resource constrained environments. sfcb supports providers written against the Common Manageability...