Lucene search

2734 matches found

Prion
added 2017/10/22 6:29 p.m. | 18 views

Cross-site request forgery (CSRF)

In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php...

6.8 CVSS | 8.8 AI score | 0.00134 EPSS
Exploits 0 | References 1 | Affected Software 1
CNVD
added 2017/10/18 12:0 a.m. | 0 views

Memory Corruption Vulnerability in WPS Forms (CNVD-2017-34135)

WPS Office is an office software suite developed independently by Kingsoft Corporation. A memory corruption vulnerability exists in the etmain module of the form et.exe in WPS when parsing a specific xls file, which can be exploited by an attacker to cause a denial of service or code execution...

7.6 AI score
Exploits 0
Openbugbounty
added 2017/10/04 11:23 a.m. | 16 views

main-rutor.org XSS vulnerability

Open Bug Bounty ID: OBB-322550

Description | Value
---|---
Affected Website: | main-rutor.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits 0
Openbugbounty
added 2017/09/29 2:48 p.m. | 16 views

main-spitze.de XSS vulnerability

Open Bug Bounty ID: OBB-317861

Description | Value
---|---
Affected Website: | main-spitze.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits 0
Openbugbounty
added 2017/09/23 3:4 p.m. | 8 views

mainroads.wa.gov.au XSS vulnerability

Vulnerable URL: https://www.mainroads.wa.gov.au/BuildingRoads/StandardsTechnical/RoadandTrafficEngineering/TrafficManagement/Pages/home.aspx?FollowSite=0=%27-confirm%27OPENBUGBOUNTY%27-%27

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 22.12.2017
Vulnerability type: | XS...

6.3 AI score
Exploits 0
Hacker One
added 2017/09/15 2:9 a.m. | 17 views

New Relic: [Synthetics/Infrastructure/everything] Individual account permissions are not properly managed and inherited on sub accounts

I've been poking around with sub accounts since I exploited 219356 and gave myself access to New Relic pro features, and I found a few things that seem to be overlooked after the user management overhaul that happened about a few weeks ago. When you have a sub account on your account, you get thi...

0.9 AI score
Exploits 0
Cvelist
added 2017/09/11 9:0 a.m. | 13 views

CVE-2017-14262

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter...

8.1 AI score | 0.21016 EPSS
Exploits 0 | References 1
Prion
added 2017/08/27 4:29 p.m. | 11 views

Code injection

In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree...

6.4 CVSS | 7.2 AI score | 0.00136 EPSS
Exploits 1 | References 2 | Affected Software 1
CNVD
added 2017/08/02 12:0 a.m. | 2 views

Tinyproxy main.c File Denial of Service Vulnerability

Tinyproxy is a small HTTP proxy program available for Windows, Linux and Unix systems. A security vulnerability exists in the main.c file in Tinyproxy 1.8.4 and earlier versions. A local attacker can exploit this vulnerability to terminate arbitrary processes...

5.5 CVSS | 5.2 AI score | 0.00034 EPSS
Exploits 0 | References 1
Openbugbounty
added 2017/07/22 5:54 p.m. | 7 views

cola.kku.ac.th XSS vulnerability

Vulnerable URL: http://cola.kku.ac.th/main/page.php?id=177?%22%27--!%3E%3Cscript%3Ealert'OPENBUGBOUNTY'%3C/script%3E&lang=en

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.08.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / No...

6.3 AI score
Exploits 0
OSV
added 2017/07/20 5:29 p.m. | 0 views

UBUNTU-CVE-2017-0378

XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATHINFO to main.php...

6.1 CVSS | 6.4 AI score | 0.00536 EPSS
Exploits 1 | References 3
OSV
added 2017/07/20 5:29 p.m. | 1 views

CVE-2017-0378

XSS exists in the loginform function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATHINFO to main.php...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 5
BDU FSTEC
added 2017/07/20 12:0 a.m. | 4 views

The vulnerability of the PHP interpreter allows attackers to trigger a service failure for the central processor.

The vulnerability of the PHP interpreter is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a failure in the central processor’s service by injecting long variables related to main/php_variables.c...

7.8 CVSS | 6.6 AI score | 0.15152 EPSS
Exploits 0 | References 7 | Affected Software 1
CNVD
added 2017/07/11 12:0 a.m. | 2 views

PHP Denial of Service Vulnerability (CNVD-2017-22591)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability exists in the main/php_variables.c file in PHP versions prior to 5.6.31, 7.x versions prior to 7.0.17, and 7.1.x version...

7.8 CVSS | 7.5 AI score | 0.15152 EPSS
Exploits 0 | References 1
exploitpack
added 2017/06/19 12:0 a.m. | 12 views

GNU binutils - disassemble_bytes Heap Overflow

GNU binutils - disassemble_bytes Heap Overflow. Source: https://sourceware.org/bugzilla/show_bug.cgi?id=21580 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...

7.4 AI score
Exploits 0
0day.today
added 2017/06/19 12:0 a.m. | 45 views

GNU binutils - disassemble_bytes Heap Overflow Exploit

Exploit for linux platform in category dos / poc. Source: https://sourceware.org/bugzilla/show_bug.cgi?id=21580 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...

6.8 CVSS | 6.8 AI score | 0.04251 EPSS
Exploits 1
0day.today
added 2017/06/19 12:0 a.m. | 54 views

GNU binutils - decode_pseudodbg_assert_0 Buffer Overflow Exploit

Exploit for linux platform in category dos / poc. Source: https://sourceware.org/bugzilla/show_bug.cgi?id=21586 I have been fuzzing objdump with American Fuzzy Lop and AddressSanitizer. Please find attached the minimized file causing the issue "Input" and the ASAN report log "Output". Below is the...

6.8 CVSS | 8.8 AI score | 0.04256 EPSS
Exploits 1
Openbugbounty
added 2017/06/18 6:5 a.m. | 11 views

icecreamproducts.com XSS vulnerability

Vulnerable URL: http://www.icecreamproducts.com/MainContentGuest.php?value=1/-///'/"//--...

6.9 AI score
Exploits 0
Openbugbounty
added 2017/06/14 5:33 p.m. | 7 views

hammhrc.org XSS vulnerability

Open Bug Bounty ID: OBB-247987

Description | Value
---|---
Affected Website: | hammhrc.org
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits 0
The Hacker News
added 2017/06/05 10:17 p.m. | 21 views

FBI Arrests NSA Contractor for Leaking Secrets – Here's How they Caught Her

The FBI arrested a 25-year-old NSA contractor on Saturday 3rd June for leaking classified information to an online news outlet which published its report yesterday 5th June — meaning the arrest was made two days before the actual disclosure went online. Reality Leigh Winner, who held a top-secret...

6.1 AI score
Exploits 0