88 matches found
Bruce Lee: Enter The Game - Customized SSL, WebView SSL handling enabled, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Bruce Lee: Enter The Game published at the 'play' market has multiple vulnerabilities...
Pwn2Own Day Two: Safari, Microsoft Edge Go Down Winner Announced
In the end, it was a nail-biter pitting Tencent Security Team Sniper KeenLab and PC Manager against JungHoon Lee lokihardt for the title of Master of Pwn for Pwn2Own 2016. After a tense last two minutes of the competition, it was Tencent Security Team Sniper and its successful code execution of a...
OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)
Usual Mandatory Disclaimer: IANAC I am not a cryptographer so I might likely end up writing a bunch of mistakes in this blog post... tl;dr The OpenSSL 1.0.2 releases suffer from a Key Recovery Attack on DH small subgroups. This issue got assigned CVE-2016-0701 with a severity of High and OpenSSL...
Administration Views - Critical - Information Disclosure - SA-CONTRIB-2015-132
Administration Views module replaces overview/listing pages with actual views for superior usability. The module does not check access properly under certain circumstances. Anonymous users could get access to read information they should not have access to. CVE identifiers issued CVE-2015-7226...
Chrome, Firefox, Safari and IE – All Browsers Hacked at Pwn2Own Competition
The Annual Pwn2Own Hacking Competition 2015 held in Vancouver is over and participants from all over the world nabbed $557,500 in bug bounties for 21 critical bugs in top four web browsers as well as Windows OS, Adobe Reader and Adobe Flash. During the second and final day of this year’s hacking...
Linux/MIPS Little Endian - Chmod 666 /etc/passwd 55 Bytes
Linux/MIPS Little Endian - Chmod 666 /etc/passwd 55 Bytes. Shellcode exploit for linuxmips platform include / Title: Linux/MIPS Little Endian - chmod 666 /etc/passwd - 55 bytes Date: 2015-03-05 Author: Sang-Min LEE Email: [email protected] Blog: http://smleenull.tistory.com / char sc =...
SA-CONTRIB-2014-094 - Webform Patched - Cross Site Scripting (XSS)
The Webform Patched module is a fork of the Webform module with Token support added. The module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have...
SA-CONTRIB-2014-018 - Webform - Cross Site Scripting (XSS)
The Webform module enables you to create forms which can be used for surveys, contact forms or other data collection throughout your site. The module doesn't sufficiently sanitize field label titles when two fields have the same formkey, which can only be managed by carefully crafting the webform...
SA-CONTRIB-2014-019 - Easy Social - Cross Site Scripting (XSS)
This module enables you to add social sharing widgets to your content and pages. The module doesn't sufficiently validate block titles when a user creates a custom block from within the module's admin interface. This vulnerability is mitigated by the fact that an attacker must have a role with th...
SA-CONTRIB-2014-006 - Language Switcher Dropdown - Open Redirect
The Language Switcher Dropdown module enables you to place a block with a convenient drop-down language switcher. After choosing a value the user is redirected to the url of the relevant language. The module doesn't check that the url provided is a valid internal path prior to redirecting. CVE...
CentOS Update for firefox CESA-2013:1476 centos6
Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2013:1476 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
SA-CONTRIB-2013-084 - FileField Sources - Access Bypass
This module expands on the FileField module by allowing you to select new or existing files through additional means, such as re-using files with an auto-complete textfield, attaching server-side files uploaded via FTP, transferring file files from a remote server, pasting a file directly from th...
SA-CONTRIB-2013-055 - Hatch - Cross Site Scripting
Hatch theme is a simple and minimal portfolio theme for photographers, illustrators, designers, or photobloggers. The theme didn't sufficiently escape user supplied text prior to printing them. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...
SA-CONTRIB-2013-001 - Search API - Cross Site Scripting
This module enables you to build searches using a wide range of features, data sources and backends. The module doesn't sufficiently sanitize user input when displaying errors in a view with certain backends, including the database backend. This enables attackers to create a Reflected Cross Site...
SA-CONTRIB-2012-152 - Feeds - Access bypass
The feeds module enables you to import or aggregate data as nodes, users, taxonomy terms or simple database records. The module doesn't sufficiently check permissions when creating nodes on behalf of a user. This vulnerability is mitigated by the fact that an attacker must have control over the...
ForeScout CounterACT reflected XSS vulnerability
Overview The ForeScout CounterACT appliance contains reflected cross-site scripting XSS vulnerabilities. Description The web interface of the ForeScout CounterACT appliance contains reflected XSS vulnerabilities CWE-79. The following are a couple...
Cyber Warfare - The Hacker News Magazine April 2012 Edition | Issue 10
Cyber Warfare - The Hacker News Magazine April 2012 Edition Call it Cyber Warfare, Terrorism, Computer Mania this month The Hacker News turns over every leaf of the newest way world citizens are fighting wars and using their keyboards to destroy planet earth. Most call it Cyber Warfare and we are...
ManageEngine Service Desk Plus 8.0 Directory Traversal
Software Link: http://www.manageengine.com/products/service-desk/91677414/ManageEngineServiceDeskPlus.exe Version: 8.0 + Introduction Directory traversal vulnerabilities has been found in ManageEngine ServiceDesk Plus 8.0 a web based helpdesk system written in Java. The vulnerability can be...
Drupal Privatemsg Module Security Bypass Security Issue
No description provided by source. A security issue has been reported in the Privatemsg module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. The security issue exists due to improper access permission checks in the Email Notification...
SA-CONTRIB-2010-038 - Privatemsg - Access bypass
The Privatemsg module allows to send private messages between users. Additionally, the sub module Privatemsg Email Notification sends e-mail notification when such a message is sent. The page to configure the template for these e-mails does not use the correct access permission which allows all...