Jenkins Multiple Vulnerabilities (Nov 2015) - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

Instacart: Cross-Site Scripting Reflected On Main Domain

Hi Security Team instacart I'm Found Have Vulnerability Cross-Site Scripting Reflected on Main Domain in Variable utmsource POC --- https://www.instacart.com/green-zebra-grocery?utmsource="'alert/Hussain/&utmmedium="'alert/XSS/&utmcampaign="'alert/injection/ Img :- http://i.imgur.com/wSn4EU7.jpg...

FFmpeg 'jpeg2000_read_main_headers' Function Denial of Service Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video. A denial of service vulnerability exists in the jpeg2000readmainheaders function in the libavcodec/jpeg2000dec.c file in FFmpeg versions prior to 2.6.5, 2.7.x versions prior to 2.7.3, and 2.8.2 and prior 2.8.x...

SUSE SLED11 / SLES11 Security Update : xen (SUSE-SU-2015:1853-1)

xen was updated to fix nine security issues. These security issues were fixed : - CVE-2015-4037: The slirpsmb function in net/slirp.c created temporary files with predictable names, which allowed local users to cause a denial of service instantiation failure by creating /tmp/qemu-smb.- files befo...

Android 5. x vulnerability: the hacker can bypass the screen password to enter the system-vulnerability warning-the black bar safety net

Many Android users will choose to use a lock screen password protect the device, but the latest burst of vulnerability was shocking: any person who without complex operation can bypass the lock screen directly into your system! An attacker can exploit the pilot gets a lock on the device all the...

Empire: a PowerShell post-exploitation Agent tools-vulnerability warning-the black bar safety net

Empire is a purely PowerShell post-exploitation Agent tools, it is built on cryptography, secure communications and flexible architecture. Empire realize the need to powershell. exe you can run a PowerShell proxy function. Rapid deployment post-exploit module, from the keyboard recorder to...

SearchBlox Reflective Cross-Site Scripting Vulnerability

SearchBlox is an enterprise search solution built on Lucene. SearchBlox suffers from a reflected cross-site scripting vulnerability. Because input passed to the "/searchblox/admin/main.jsp" script via the "menu2" HTTP GET parameter is not properly filtered before being returned to the user, a...

PT-2015-3383 · Proftpd +2 · Proftpd +2

Name of the Vulnerable Software and Affected Versions: ProFTPD versions prior to 1.3.6b ProFTPD version 1.3.7rc before 1.3.7rc2 Description: The issue is related to the incorrect handling of overly long commands in the main.c component of the ProFTPD FTP server. This can lead to a remote...

Mozilla Firefox Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Mozilla Firefox Off Main Thread Compositing (OMTC) implements arbitrary code execution vulnerability

Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A denial of service vulnerability exists in Mozilla Firefox, which could be exploited by remote attackers to execute arbitrary code or launch denial of service attacks...

Memory corruption

The Off Main Thread Compositing OMTC implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code o...

CVE-2015-0805

The CVE-2015-0805 issue affects Mozilla Firefox’s Off Main Thread Compositing (OMTC). The root cause is an incorrect memset call in the interaction with mozilla::layers::BufferTextureClient::AllocateForSurface, enabling remote attackers to trigger memory corruption via rendering of 2D graphics co...

CVE-2015-0806

The Off Main Thread Compositing OMTC implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code o...

CVE-2015-0805

The Off Main Thread Compositing OMTC implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service...

KLA10525 Multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird

Multiple serious vulnerabilities have been found in Mozilla Firefox before 37.0, Mozilla Firefox ESR 31.x before 31.6, Mozilla Thunderbird before 31.6. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause a denial of service heap memory corruption and bypass an...

Memory corruption crashes in Off Main Thread Compositing — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover two memory corruption crashes during 2D graphics rendering due to problems in Off Main Thread Compositing. These crashes are potentially exploitable...

UBUNTU-CVE-2015-1221

Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, relate...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the 1 page, 2 c, or 3 redirect parameter to index.php or 4 search field searchTerm parameter in the main page...

NSEarch - Nmap Script Engine Search

NSEarch is a tool that helps you find scripts that are used nmap NSE , can be searched using the name or category , it is also possible to see the documentation of the scripts found. USAGE: $ python nsearch.py Main Menu Initial Setup ================================================ | \ | |/ || | ...

Multiple SQL Injection Vulnerabilities in Sefrengo CMS 'main.php'

Sefrengo CMS is an open source content management system. Sefrengo CMS 'main.php' has multiple SQL injection vulnerabilities due to the application failing to properly filter user-supplied input. This allows an attacker to steal cookie-based credentials, compromise the application, and access or...