2734 matches found

OSV
added 2018/04/04 5:29 p.m. · 0 views

CVE-2017-13262

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1,...

6.5 CVSS · 5.9 AI score
Exploits 0 · References 4
ATTACKERKB
added 2018/04/02 3:29 a.m. · 3 views

CVE-2018-9175

DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php...

9.8 CVSS · 6.1 AI score · 0.02109 EPSS
Exploits 1 · References 2
OSV
added 2018/04/02 3:29 a.m. · 1 views

CVE-2018-9175

DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php...

9.8 CVSS · 6.1 AI score · 0.02109 EPSS
Exploits 1 · References 1
Positive Technologies
added 2018/03/26 12:0 a.m. · 3 views

PT-2018-4199 · Intel +1 · Thermal +1

Name of the Vulnerable Software and Affected Versions: thermald, affected versions not specified
Description: The issue allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid, potentially leading to unauthorized data modification. This is due to a flaw in the main...

6.6 CVSS · 6.3 AI score · 0.00046 EPSS
Exploits 0 · References 7
Prion
added 2018/03/25 6:29 p.m. · 12 views

Design/Logic Flaw

dsmall v20180320 allows XSS via the main page search box at the public/index.php/home URI...

4.3 CVSS · 6 AI score · 0.0024 EPSS
Exploits 1 · References 1 · Affected Software 1
Openbugbounty
added 2018/03/20 9:59 a.m. · 16 views

main-rutor.org XSS vulnerability

Open Bug Bounty ID: OBB-583033
Affected Website: main-rutor.org
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

6.3 AI score
Exploits 0
Openbugbounty
added 2018/03/08 7:14 p.m. · 12 views

mainbeachqueensland.com.au XSS vulnerability

Open Bug Bounty ID: OBB-576594
Affected Website: mainbeachqueensland.com.au
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

6.3 AI score
Exploits 0
CNVD
added 2018/03/08 12:0 a.m. · 1 views

Denial of Service Vulnerability in SoftZone Office

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A denial-of-service vulnerability exists in SoftZone Office when opening the main interface of TextMaker.exe. An attacker can exploit the...

6.8 AI score
Exploits 0
CNVD
added 2018/02/27 12:0 a.m. · 0 views

Denial of Service Vulnerability in WPS Office 2016 Personal Edition, Enterprise Edition and Kingsoft pdf (CNVD-2018-04657)

WPS Office is an office software suite independently developed by Kingsoft Corporation Limited, which can realize the most commonly used text, table, presentation and many other functions of office software. A denial of service vulnerability exists in WPS Office 2016 Personal Edition, Enterprise...

6.9 AI score
Exploits 0
Openbugbounty
added 2018/02/22 12:8 p.m. · 8 views

main-echo.de Open Redirect vulnerability

Open Bug Bounty ID: OBB-565733
Affected Website: main-echo.de
Vulnerable Application: Custom Code
Vulnerability Type: Open Redirect / CWE-601
CVSSv3 Score: 3.4...

6.7 AI score
Exploits 0
Hacker One
added 2018/02/09 11:36 p.m. · 53 views

Snapchat: Takeover 2 MAIN DOMAINS of a company Acquired by Snapchat

Hi, As you may realize I noted "Domain" and not subdomain because actually, I was able to take over the MAIN domain of a company Acquired by Snapchat. As you can see in the screenshot below, when you type "Addlive" in Google https://goo.gl/EAxBaj , the first two results will be: F261984 First one...

6.6 AI score
Exploits 0
Openbugbounty
added 2018/02/01 10:19 p.m. · 6 views

roxy.fr XSS vulnerability

Open Bug Bounty ID: OBB-551270
Affected Website: roxy.fr
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...

6.4 AI score
Exploits 0
0day.today
added 2018/01/18 12:0 a.m. · 76 views

glibc - getcwd() Local Privilege Escalation Exploit

Exploit for linux platform in category local exploits / This software is provided by the copyright owner "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall...

6.3 AI score · 0.00223 EPSS
Exploits 9
CVE
added 2017/12/21 4:0 a.m. · 56 views

CVE-2017-17827

Piwigo 2.9.2 is vulnerable to Cross‑Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions. The connected records consistently describe this CSRF issue ...

8.8 CVSS · 8.6 AI score · 0.00166 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2017/12/09 6:29 a.m. · 0 views

CVE-2017-16377

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized in...

8.8 CVSS · 5.7 AI score · 0.16377 EPSS
Exploits 0 · References 3
Packet Storm
added 2017/11/03 12:0 a.m. · 68 views

GraphicsMagick Memory Disclosure / Heap Overflow

'''Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines according to David A. Wheeler’s SLOCCount of source code in the base package or 1,225K including...

8 AI score · 0.34952 EPSS
Exploits 4
0day.today
added 2017/11/03 12:0 a.m. · 80 views

GraphicsMagick - Memory Disclosure / Heap Overflow Exploit

Exploit for multiple platform in category dos / poc '''Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines according to David A. Wheeler’s SLOCCount of...

6.8 CVSS · 8.1 AI score · 0.34952 EPSS
Exploits 4
exploitpack
added 2017/11/03 12:0 a.m. · 81 views

GraphicsMagick - Memory Disclosure Heap Overflow

GraphicsMagick - Memory Disclosure Heap Overflow '''Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines according to David A. Wheeler’s SLOCCount of...

0.6 AI score
Exploits 0
CNVD
added 2017/10/24 12:0 a.m. · 1 views

phpMyFaq admin/tags.main.php file cross-site scripting vulnerability

phpMyFAQ is an open source, fully database-driven FAQ (question and answer) system developed by the phpMyFAQ team. The system supports multiple languages and multiple databases, and includes modules such as a content management system and community. A cross-site scripting vulnerability exists in th...

6.1 CVSS · 6.1 AI score · 0.00223 EPSS
Exploits 0 · References 1
CNVD
added 2017/10/23 12:0 a.m. · 3 views

phpMyFAQ cross-site request forgery vulnerability (CNVD-2017-32428)

phpMyFAQ is an open source, fully database-driven FAQ (question and answer) system developed by the phpMyFAQ team. The system supports multiple languages and multiple databases, and includes modules such as a content management system and community. A cross-site request forgery vulnerability exists...

8.8 CVSS · 8.7 AI score · 0.00109 EPSS
Exploits 2 · References 1