Exploit for Improper Authentication in Oracle Concurrent_Processing

CVE-2025-61882 & CVE-2025-61884 EDIT: Oracle just disclose...

Exploit for CVE-2025-53072

CVE-2025-53072 & CVE-2025-62481 Vulnerability in the Oracle...

Exploit for Improper Authentication in Oracle Concurrent_Processing

CVE-2025-61882 & CVE-2025-61884 EDIT: Oracle just disclose...

ExponentCMS安全漏洞

ExponentCMS is an open source web content management system that allows website owners to easily create and manage dynamic websites without having to directly code web pages or manage site navigation.ExponentCMS 2.6 and earlier versions have a security vulnerability that stems from a modified HTT...

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity confidentiality and system availability.

...

hapi node module denial of service vulnerability

The hapi node module is a server framework for Node.js. The framework supports input validation, caching, authentication and more. A security vulnerability exists in hapi node module versions prior to 11.1.3. An attacker exploits the vulnerability to cause a denial of service socket exhaustion wi...

GHSA-RC8H-3FV6-PXV8 Denial of Service in hapi

Versions of hapi prior to 11.1.3 are affected by a denial of service vulnerability. The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers. This causes an 'illegal access' exception to be raised, and instead of sending a HTTP 500 error back...

Malwarebytes CrackMe 2: contest summary

About three weeks ago, we published our second CrackMe. It triggered a lot of interest, and we got many high-quality write-ups. Choosing the winner was really difficult! In this post, I am going to summarize the contest and comment on the received submissions. CrackMe 2 challenge The topic of the...

Design/Logic Flaw

The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control...

CVE-2014-4383

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header...

Format string

msnmsgr.exe in Windows Live Messenger WLM 2009 build 14.0.8064.206, and other 14.0.8064.x builds, allows remote attackers to cause a denial of service application crash via a modified header in a packet, as possibly demonstrated by a UTF-8.0 value of the charset field in the Content-Type header...

CVE-2005-0039

Certain configurations of IPsec, when using Encapsulating Security Payload ESP in tunnel mode, integrity protection at a higher layer, or Authentication Header AH, allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner...