2734 matches found
The vulnerability of the kvm_ioctl_create_device function in the Linux operating system allows a hacker to trigger a service failure or increase their privileges.
The vulnerability of the kvmioctlcreatedevice function in the virt/kvm/kvmmain.c file of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause service failures or increase their privileges through special...
pkusd.org XSS vulnerability
Vulnerable URL: http://www.pkusd.org/main/cp.php?"'--!confirmOPENBUGBOUNTY...
Zen Cart Cross-Site Scripting Vulnerability (CNVD-2017-08298)
Zen Cart is an open source shopping cart system developed by Zen Cart team. The system is mainly used to establish an online store , can support a variety of payment methods , multi-language options , online shopping mall batch update and so on. A cross-site scripting vulnerability exists in the...
CVE-2017-8833
Zen Cart 1.6.0 has XSS in the mainpage parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."...
cmdbet.com XSS vulnerability
Vulnerable URL: http://www.cmdbet.com/Main/logout.aspx?code='-confirmOPENBUGBOUNTY-' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 446225 VIP website status:| No Coordinated...
Zendo Project Management Software Open Source 9.1.1 SQL Injection Vulnerability
Zendo is an open source project management software. Zendo Project Management Software Open Source 9.1.1 SQL injection vulnerability exists in module\block\control.php page. Due to the lack of filtering of the 'main' parameter, allowing attackers to exploit the vulnerability to obtain sensitive...
WMI Based Agentless Post-Exploitation PowerShell RAT: WMImplant
WMImplant is a PowerShell based tool that leverages WMI to both perform actions against targeted machines, but also as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine. It is designed to run both...
CVE-2016-8790
Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could...
CVE-2016-8790
Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could...
Buffer overflow
Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could...
CVE-2016-8790
Huawei CloudEngine 5800 with software before V200R001C00SPC700, CloudEngine 6800 with software before V200R001C00SPC700, CloudEngine 7800 with software before V200R001C00SPC700, CloudEngine 8800 with software before V200R001C00SPC700, CloudEngine 12800 with software before V200R001C00SPC700 could...
Plaintext Credentials Logged
presto-main logs plaintext database credentials on startup. It loads the credentials stored in a properties file and logs it to a world readable file, server.log...
Artifex Software MuPDF Buffer Overflow Vulnerability
Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. A buffer overflow vulnerability exists in the main function of the jstestmain.c file in Artifex Software MuPDF versions prior to 1.10. A remote attacker can exploit this vulnerability to cause a denial of service...
PT-2017-7825 · Artifex +1 · Mupdf +1
Name of the Vulnerable Software and Affected Versions: MuPDF versions prior to 1.10 Description: The issue is related to a buffer overflow in the main function in jstest main.c in Mujstest, which allows remote attackers to cause a denial of service out-of-bounds write via a crafted file...
Joomla com_virtuemart plugin 'id' parameter SQL injection vulnerability
Joomla is an open source content management system CMS. A SQL injection vulnerability exists in the mainproduct parameter of the Joomla comproduct component. An attacker can exploit the vulnerability to access or modify database data...
Jenkins Multiple Vulnerabilities (Feb 2017) - Windows
Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...
DEBIAN-CVE-2017-6384
Memory leak in the loginuser function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8...
spice: Buffer overflow in main_channel_alloc_msg_rcv_buf when reading large messages
A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution...
CVE-2017-5545
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service buffer over-read via Apple Property List data that is too short...
Yelp: Clickjacking @ Main Domain[www.yelp.com]
Hello Yelp Security Team, I Just want to submit a report Clickjacking on your Main Domain, I Know that this is a Low Risk But may i know if your aware of it. PoC: See Atachments. Impact: For example, imagine an attacker who builds a web site that has a button on it that says "click here for a fre...