2734 matches found
shopify-scripts: Heap Overflow in mrb_arb_splice
It's similar with 192235, but the root cause is different. both of mruby and mruby-engine are crashed by the following PoC. MRBINT64 ruby ary = Array.new1023 ary0x7ffffffffffffc00,0 = Array.new1024 $ gdb -q --args ./bin/mruby test2.rb Reading symbols from ./bin/mruby...done. gdb r Starting progra...
armbets.tv XSS vulnerability
Vulnerable URL: http://www.armbets.tv/main-tag.php?tag=3=%22%3E%3Cscript%3Ealert%28%27OPENBUGBOUNTY%27%29%3C/script%3E=1 Details: Description| Value ---|--- Patched:| Yes, at 05.10.2016 Latest check for patch:| 05.10.2016 19:16 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclose...
iSQL isql_main.c Buffer Overflow Vulnerability
iSQL is an interpreter of SQL that interprets and executes SQL commands to create small databases. A buffer overflow vulnerability exists in iSQL version 1.0, which can be exploited by an attacker to execute arbitrary code...
Jenkins Winstone Servlet Cross Site Scripting Vulnerability (Nov 2011) - Windows
Jenkins is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins";...
repository.mainlib.upd.edu.ph XSS vulnerability
Vulnerable URL: http://repository.mainlib.upd.edu.ph/pmarf/results.php?field=subject"=Caramoan,+Camarines+Sur--Town+fiesta Details: Description| Value ---|--- Patched:| Yes, at 24.11.2017 Latest check for patch:| 24.11.2017 11:54 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
SQL injection vulnerability in the main.aspx page of the remote consultation system of Beijing BlueVision Technology Co.
Telemedicine is a broad term that refers to remote disease diagnosis, remote checkups, remote monitoring, and remote surgical teaching/surgical guidance activities conducted between hospitals through telemedicine systems. A SQL injection vulnerability exists in the main.aspx page of the...
OracleVM 3.2 : xen (OVMSA-2016-0090)
The remote OracleVM system is missing necessary patches to address critical security updates : - x86/HVM: correct CPUID leaf 80000008 handling - 6c733e54 xsa173010001-x86-HVM-correct-CPUID-leaf-80000008-handl ing.patch was based on upstream commit: ef437690af8b75e6758dce77af75a22b63982883 x86/HVM...
[SECURITY] Fedora 23 Update: libvirt-1.2.18.4-1.fc23
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support...
[SECURITY] Fedora 24 Update: kf5-kxmlgui-5.24.0-1.fc24
KDE Frameworks 5 Tier 3 solution for user-configurable main windows...
Jenkins CLI RMI Java Deserialization Vulnerability (Nov 2015) - Active Check
Jenkins is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ...
InstantHMI 6.1 - Privilege Escalation
Exploit for windows platform in category local exploits Title: InstantHMI - EoP: User to ADMIN CWE Class: CWE-276: Incorrect Default Permissions Date: 01/06/2016 Vendor: Software Horizons Product: InstantHMI Version: 6.1 Download link: http://www.instanthmi.com/ihmisoftware.htm Tested on: Windows...
The vulnerability of the Firefox browser, which allows a remote attacker to execute arbitrary code or trigger a service denial-of-service attack.
The vulnerability of the Firefox browser in the OMTC component lies in the incorrect invocation of the memset function when interacting with the mozilla::layers::BufferTextureClient::AllocateForSurface function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or...
The vulnerability of the enterprise automation system 1C:Enterprise, which allows a malicious individual to cause service failures
The server processes agent.exe, rmngr.exe, and rhost.exe of the enterprise automation system 1C:Enterprise use the same main module, core82.dll. The specially crafted TCP packet is interpreted as a sequence of recursive function calls, which ultimately leads to exhaustion of the application stack...
kodak.com XSS vulnerability
Vulnerable URL: http://www.kodak.com/global/mul/digital/flash/giftguide/giftguide0710/guide/main.swf?xmlfile=http://nsa.is.spying-on.us/k.xml Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 31015 VIP website...
Cisco IOS Software IKE Main Mode Vulnerability (Cisco-SA-20140403-CVE-2014-2143)
A vulnerability in the Internet Key Exchange IKE module of Cisco IOS Software could allow an unauthenticated, remote attacker to delete established security associations on an affected device. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced...
APITest.IO: Clickjacking: X-Frame-Options header missing
same as this report https://hackerone.com/reports/7492 vulnerable :- sign in ,sign up ,and main domain poc attached...
Cake Mania - Main Street Lite - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Cake Mania - Main Street Lite published at the 'play' market has multiple vulnerabilities...
Main-Echo - WebView JavaScript enabled, WebView code execution, WebView files access vulnerabilities
HackApp vulnerability scanner discovered that application Main-Echo published at the 'play' market has multiple vulnerabilities...
Linux/x86_x64 - execve/bin/sh - 26 bytes
Linux/x86x64 - execve/bin/sh - 26 bytes. Shellcode exploit for linx86-64 platform / --------------------------------------------------------------------------------------------------- Linux/x86x64 - execve/bin/sh - 26 bytes Ajith Kp @ajithkp560 http://www.terminalcoders.blogspot.com Om Asato Maa...
ad.main-netz.de Open Redirect vulnerability
Open Bug Bounty ID: OBB-137175 Description| Value ---|--- Affected Website:| ad.main-netz.de Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat Sheet...