Lucene search

1045 matches found

Veracode
added 2018/09/14 8:09 a.m. | 26 views

Remote Code Execution (RCE)

Microsoft.ChakraCore is vulnerable to remote code execution (RCE) attacks. The library interpreter contains an implicit call bypass in GlobalOpt.cpp, allowing a malicious user to inject and execute arbitrary code...

CVSS 7.5 | AI score 8.2 | EPSS 0.284
Exploits: 0 | References: 4 | Affected Software: 2

NVD
added 2018/03/13 9:29 p.m. | 9 views

CVE-2018-1000125

inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack...

CVSS 9.8 | AI score 9.5 | EPSS 0.00411
Exploits: 0 | References: 2

RubySec
added 2018/02/21 12:00 a.m. | 23 views

Doorkeeper gem has stored XSS on authorization consent view

Stored XSS on the OAuth Client's name will cause users being prompted for consent via the "implicit" grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization link...

CVSS 6.1 | AI score 2.7 | EPSS 0.00174
Exploits: 0 | References: 1 | Affected Software: 1

Exploit DB
added 2018/02/15 12:00 a.m. | 50 views

Microsoft Edge Chakra JIT - Memory Corruption

/ Let's consider the following example code. function opt let arr = ; return arr'x'; // Optimize the "opt" function. for let i = 0; i inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall // For now, we will not allow Function that is marked...

AI score 7.4
Exploits: 0

exploitpack
added 2018/02/15 12:00 a.m. | 20 views

Microsoft Edge Chakra JIT - Memory Corruption

Microsoft Edge Chakra JIT - Memory Corruption / Let's consider the following example code. function opt let arr = ; return arr'x'; // Optimize the "opt" function. for let i = 0; i inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall // For...

AI score 0.2
Exploits: 0

OSV
added 2017/11/06 8:38 a.m. | 7 views

SUSE-SU-2017:2932-1 Security update for SuSEfirewall2

This update for SuSEfirewall2 fixes the following issues: - CVE-2017-15638: Fixed a security issue with too open implicit portmapper rules (bsc#1064127): A source net restriction for rpc services was not taken into account for the implicitly added rules for port 111, making the portmap service...

CVSS 6.5 | AI score 6.4 | EPSS 0.0022
Exploits: 0 | References: 3

Github Security Blog
added 2017/10/24 6:33 p.m. | 52 views

actionpack Path Traversal vulnerability

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files...

CVSS 7.5 | AI score 6.2 | EPSS 0.5271
Exploits: 2 | References: 16 | Affected Software: 1

Oracle linux
added 2017/08/07 12:00 a.m. | 61 views

python security and bug fix update

2.7.5-58.0.1 - Add Oracle Linux distribution in platform.py [orabug 20812544]. 2.7.5-58 - Set stream to None in case an open fails. Resolves: rhbz#1432003. 2.7.5-57 - Fix implicit declaration warnings of functions added by patches 147 and 265. Resolves: rhbz#1441237. 2.7.5-56 - Fix shutil.make_archive...

CVSS 10 | AI score 0.8 | EPSS 0.45123
Exploits: 8

Information Security Automation
added 2017/07/09 9:51 p.m. | 201 views

Automated posting on Vkontakte public pages using VK API and Python

Vk.com (Vkontakte) is the most popular social network in Russia and the ex-USSR, with 430+ million users. Originally it was a Facebook clone, but now, after 10 years of development, the two services are quite different from each other. Traditional advantages of vk.com - huge amount of free music and vide...

AI score 7.1
Exploits: 0

Friends Of PHP
added 2017/02/28 3:37 p.m. | 8 views

An error during signature verification can be treated as a successful verification.

Security update for signature validation on LogoutRequest/LogoutResponse. In order to verify signatures on LogoutRequests and LogoutResponses we use the verifySignature method of the class XMLSecurityKey from the xmlseclibs library. That method ends up calling openssl_verify depending on the signature...

AI score 7
Exploits: 0 | Affected Software: 1

Cvelist
added 2016/09/30 12:00 a.m. | 18 views

CVE-2016-6636

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before...

AI score 5.2 | EPSS 0.00236
Exploits: 0 | References: 2

RedHat Linux
added 2015/11/19 4:00 a.m. | 4 views

rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url

It was found that the OAuth implementation in librest, a helper library for RESTful services, incorrectly truncated the pointer returned by the rest_proxy_call_get_url call. An attacker could use this flaw to crash an application using the librest library...

CVSS 7.5 | AI score 5.8 | EPSS 0.03052
Exploits: 0 | References: 4

NVD
added 2015/10/18 7:59 p.m. | 7 views

CVE-2015-5661

The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application...

CVSS 4.3 | AI score 5.9 | EPSS 0.00229
Exploits: 0 | References: 2

CVE
added 2015/10/18 7:00 p.m. | 41 views

CVE-2015-5661

The CVE-2015-5661 entry concerns AirDroid for Android (SAND STUDIO) and its mishandling of implicit intents. Affected software: AirDroid for Android, version 1.1.0 and earlier. Root cause: improper handling of implicit intents that enables an attacker to obtain sensitive information through a cra...

CVSS 4.3 | AI score 6.1 | EPSS 0.00229
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/10/18 7:00 p.m. | 12 views

CVE-2015-5661

The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application...

AI score 5.9 | EPSS 0.00229
Exploits: 0 | References: 2

Japan Vulnerability Notes
added 2015/10/16 5:00 a.m. | 1 views

AirDroid for Android vulnerable in handling of implicit intents

Overview: AirDroid for Android provided by SAND STUDIO contains a vulnerability in the handling of implicit intents. Gaku Mochizuki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: Information in AirDroid may ...

CVSS 4.3 | AI score 6.5 | EPSS 0.00229
Exploits: 0 | References: 5

Japan Vulnerability Notes
added 2015/10/16 12:00 a.m. | 23 views

JVN#37825153: AirDroid for Android vulnerable in handling of implicit intents

AirDroid for Android provided by SAND STUDIO contains a vulnerability in the handling of implicit intents. Impact: Information in AirDroid may be leaked to a third party through a malicious Android application. Solution: Update the software. Update to the latest version according to the information...

CVSS 4.3 | AI score 6.2 | EPSS 0.00229
Exploits: 0

OSV
added 2015/05/25 10:59 p.m. | 1 views

DEBIAN-CVE-2014-8147

The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service...

CVSS 7.5 | AI score 7.9 | EPSS 0.41904
Exploits: 3 | References: 1

CNVD
added 2015/05/06 12:00 a.m. | 1 views

International Components for Unicode Heap Buffer Overflow Vulnerability

International Components for Unicode is a mature and widely used set of libraries and tools for Unicode support, software internationalization and software globalization. A heap buffer overflow vulnerability exists in versions prior to ICU 55.1, which stems from an error in the...

CVSS 7.5 | AI score 7.8 | EPSS 0.25808
Exploits: 3 | References: 1

seebug.org
added 2015/02/13 12:00 a.m. | 19 views

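tipask injection vulnerability

Brief description: SQL injection vulnerability (second-order injection). Details: Tested against the latest official source code. In answer.php in control, follow-up question module --- follow-up question / function onappend $this-load"message"; $qid = intval$this-get2 ? $this-get2 : intval$this-post'qid'; $aid = intval$this-get3 ? $this-get3 : intval$this-post'aid'; $question = $ENV'question'-get$qid; $answer = $ENV'answer'-get$aid...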

AI score 7.1
Exploits: 0