
2734 matches found

OSV
added 2019/07/19 8:15 p.m. | 1 view

CVE-2019-13989

dpic 2019.06.20 has a Stack-based Buffer Overflow in the wfloat function in main.c...

7.8 CVSS | 5.8 AI score
Exploits: 0 | References: 1

RedHat Linux
added 2019/06/03 8:55 p.m. | 1 view

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8 CVSS | 7.2 AI score | 0.00732 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2019/05/28 12:0 a.m. | 34 views

Fedora 30 : mod_http2 (2019-08e57d15fd)

Code cleanups and Simplifications : - in stream instance and main connection output handling for a common strategy in h2/h2c versions of the protocol. Stream instances are kept in one place which will make future optimizations in state handling easier. - Discarding idea of re-using bucket beams a...

5.3 CVSS | 6.7 AI score | 0.08584 EPSS
Exploits: 0 | References: 2

Kitploit
added 2019/05/25 9:45 p.m. | 219 views

SSHD-Poison - A Tool To Get Creds Of Pam Based SSHD Authentication

sshd-poison is a tool to get creds of pam based sshd authentication, this is not the easiest way to do that you can create a pam module, or just add auth optional pamexec.so quiet exposeauthtok /bin/bash -c read,-r,x;echo,-e,"env\n$x"somefile in a service configuration, not even the stealthiest t...

7.4 AI score
Exploits: 0 | References: 1

RedHat Linux
added 2019/05/23 4:8 p.m. | 1 view

Mozilla: Use-after-free in XMLHttpRequest

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8 CVSS | 7.2 AI score | 0.00732 EPSS
Exploits: 0 | References: 5

OSV
added 2019/05/21 12:0 a.m. | 1 view

UBUNTU-CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

9.8 CVSS | 7.2 AI score | 0.00732 EPSS
Exploits: 0 | References: 6

Kitploit
added 2019/04/15 5:24 a.m. | 149 views

Zeebsploit - Web Scanner / Exploitation / Information Gathering

zeebsploit is a tool for hacking searching for web information and scanning vulnerabilities of a web Installation & Usage apt-get install git git clone https://github.com/jaxBCD/Zeebsploit.git cd Zeebsploit chmod +x install ./install python3 zeebsploit.py type 'help' for show modules and follow...

7.8 AI score
Exploits: 0 | References: 1

Kitploit
added 2019/04/11 12:46 p.m. | 500 views

QRLJacker v2.0 - QRLJacking Exploitation Framework

QRLJacker is a highly customizable exploitation framework to demonstrate "QRLJacking Attack Vector" to show how it is easy to hijack services that depend on the QR Code as an authentication and login method, Mainly it aims to raise security awareness regarding all the services using the QR Code a...

7.7 AI score
Exploits: 0 | References: 2

Veracode
added 2019/03/27 5:2 a.m. | 18 views

Local File Inclusion

jspwiki-main is vulnerable to local file inclusion. An attacker is able to retrieve registered user details using a malicious URL to access files under the ROOT directory...

7.5 CVSS | 7.1 AI score | 0.03398 EPSS
Exploits: 0 | References: 14 | Affected Software: 1

OSV
added 2019/03/21 4:1 p.m. | 1 view

CVE-2019-9083

SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued...

9.8 CVSS | 7.3 AI score
Exploits: 0 | References: 1

OSV
added 2019/03/17 11:32 p.m. | 1 view

UBUNTU-CVE-2018-20806

Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter)...

6.1 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits: 1 | References: 3

CVE
added 2019/03/14 7:0 a.m. | 38 views

CVE-2019-9765

Blog_mini 1.0 is affected by an XSS vulnerability that arises when a comment reply author name is not properly sanitized in app/main/views.py articleDetails(), with the issue referencing app/templates/_article_comments.html. This could allow injected scripts via the author name field as part of a...

6.1 CVSS | 5.9 AI score | 0.0024 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2019/02/16 10:29 p.m. | 11 views

Design/Logic Flaw

Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=indexXSS value...

4.3 CVSS | 5.9 AI score | 0.0024 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2019/02/16 10:29 p.m. | 2 views

CVE-2019-8363

Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=indexXSS value...

6.1 CVSS | 6.3 AI score | 0.0024 EPSS
Exploits: 1 | References: 1

Cvelist
added 2019/02/16 10:0 p.m. | 16 views

CVE-2019-8363

Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=indexXSS value...

6 AI score | 0.0024 EPSS
Exploits: 1 | References: 1

Mageia
added 2019/02/14 8:38 a.m. | 12 views

Updated radvd packages fix security vulnerability

A flaw was found in radvd. In case of misconfiguration a race condition between privsep and main thread occurs. This leads to double-free and crashing of radvd rhbz1669297...

1.6 AI score
Exploits: 0 | References: 2

Veracode
added 2019/01/30 2:57 a.m. | 13 views

Cross-site Scripting (XSS)

croogo is susceptible to a cross-site scripting (XSS) attack. The vulnerability exists because it does not sanitize the value of the Title field in the Main Menu page, allowing the attacker to inject a malicious payload through it...

4.8 CVSS | 4.9 AI score | 0.00219 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Hacker One
added 2019/01/17 5:27 p.m. | 16 views

PuTTY (European Commission - DIGIT): heap-use-after-free (READ of size 8) in main()

Summary: After downloading putty-0.70-2019-01-17.53747ad.tar.gz, I compiled it on Debian 9 with Clang-8.0.0 and AddressSanitizer and while trying to extract a public key from a crafted key, I triggered a heap-use-after-free in main. Description: add more details about this vulnerability Steps To...

1.1 AI score
Exploits: 0

Veracode
added 2019/01/15 8:54 a.m. | 26 views

Denial Of Service (Dos)

httpd is vulnerable to denial of service. Whitespace characters from CDATA sections are not properly removed in the dav_xml_get_cdata function in main/util.c, which would allow remote attackers to crash the daemon via a malicious DAV WRITE request...

5 CVSS | 6.7 AI score | 0.39561 EPSS
Exploits: 2 | References: 69 | Affected Software: 1

Hacker One
added 2019/01/10 8:59 p.m. | 23 views

OLX: XSS - main page - search[user_id] parameter

Hi, how you doing? This is a pretty straightforward XSS in the main page. Affected parameter: searchuserid Direct Link: https://www.olx.pt/braga/?searchuserid=1zqjeu'":/1zqjeu;9, ;prompt9;&view=galleryWide Tested in updated Firefox. Impact XSS allows an intruder to inject HTML and client side...

6.1 AI score
Exploits: 0