PYSEC-2017-79
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...
Remote Code Execution Vulnerability in Stranger Client
Stranger is a location-based mobile social networking tool. There is a remote code execution vulnerability in the Stranger client, which can be exploited by an attacker to trigger an attack code to automatically download and automatically use the interface to install any application, call sensiti...
Securing a Raspberry Pi
A Raspberry Pi is a tiny computer designed for makers and all sorts of Internet-of-Things types of projects. Make magazine has an article about securing it. Reading it, I am struck by how much work it is to secure. I fear that this is beyond the capabilities of most tinkerers, and the result will...
GNU Binutils 'bfd_make_section_with_flag' function null pointer dereference vulnerability
GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives. The Binary File Descriptor BFD library a.k.a...
freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret()
An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet...
Friends in War Make or Break Authentication Bypass Vulnerability
Make or Break is a parenting blog. An authentication bypass vulnerability exists in Friends in War Make or Break. It allows an attacker to bypass login authentication via injection...
Friends in War Make or Break 1.7 - CSRF (Change Admin Password) Vulnerability
Exploit for php platform in category web applications Friends in War Make or Break 1.7 - Unauthenticated admin password change Url: http://software.friendsinwar.com/ http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 Author: shinnai mail: shinnaiatautisticidotorg site:...
Friends In War Make Or Break 1.7 SQL Injection
Exploit Title: Friends in War Make or Break 1.7 SQL Injection Dork: N/A Date: 26.07.2017 Vendor : http://software.friendsinwar.com/ Software: http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 Demo: http://localhost/PATH/ Version: 1.7 Author: Ihsan Sencan SQL Injection/Exploit :...
Friends In War Make Or Break 1.7 Password Change
Friends in War Make or Break 1.7 - Unauthenticated admin password change Url: http://software.friendsinwar.com/ http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.altervista.org/...
Friends in War Make or Break 1.7 - SQL Injection
Exploit Title: Friends in War Make or Break 1.7 SQL Injection Dork: N/A Date: 26.07.2017 Vendor : http://software.friendsinwar.com/ Software: http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 Demo: http://localhost/PATH/ Version: 1.7 Author: Ihsan Sencan SQL Injection/Exploit :...
Friends in War Make or Break 1.7 - SQL Injection
Friends in War Make or Break 1.7 - SQL Injection Exploit Title: Friends in War Make or Break 1.7 SQL Injection Dork: N/A Date: 26.07.2017 Vendor : http://software.friendsinwar.com/ Software: http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 Demo: http://localhost/PATH/ Version: 1.7...
Friends in War Make or Break 1.7 - Authentication Bypass
x Type: Admin login bypass via SQLi x Vendor: http://software.friendsinwar.com/ x Script Name: Make or Break x Script Version: 1.7 x Script DL: http://software.friendsinwar.com/downloads.php?catid=2&fileid=9 x Author: Anarchy Angel x Mail: anarchydotang31@gmaildotcom x More info:...
FreeRADIUS 'make_secret()' Letter Denial of Service Vulnerability
FreeRADIUS is a set of software that implements the RADIUS protocol from the FreeRADIUS Server project. The software is mainly used for account authentication management, bookkeeping management and Internet account management, etc. and contains a Radius server, a client library for BSD protocol...
DEBIAN-CVE-2017-10978
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service...
UBUNTU-CVE-2017-10978
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service...
ProjectSend 'install/make-config.php' file arbitrary code execution vulnerability
ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in the 'install/make-config.php' file in ProjectSend r754. The vulnerability can be exploited by a remote attacker to execute arbitrary PHP code with the help of the...
CVE-2017-9741
CVE-2017-9741 affects ProjectSend (r754). The install/make-config.php file is vulnerable to remote PHP code execution via the dbprefix parameter, due to replacing TABLES_PREFIX in the configuration file. This leads to arbitrary code execution on affected installations. Connected records confirm t...
Security Bypass Vulnerability in Multiple Samsung Phones
Samsung SM-G920F Galaxy S6 and others are smartphones released by the South Korean company Samsung. A security bypass vulnerability exists in several Samsung phones. An attacker can use the vulnerability to make a call, send a text message or issue a command...
libevent: Out-of-bounds read in search_make_new()
An out-of-bounds read vulnerability was found in libevent in the search_make_new() function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out-of-bounds read could occur, possibly leading to a crash...