
3094 matches found

Cvelist
added 2018/05/09 1:0 p.m. | 20 views

CVE-2018-8911

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

CVSS 6.5 | AI score 5.9 | EPSS 0.01029
Exploits 0 | References 1

CVE
added 2018/05/09 1:0 p.m. | 46 views

CVE-2018-8911

Synology Note Station’s Attachment Preview is affected by CVE-2018-8911. The vulnerability is an XSS in Attachment Preview prior to version 2.5.1-0844 that allows remote authenticated users to inject arbitrary web script or HTML via a malicious attachment. Public sources (CNVD/NVD entries) descri...

CVSS 6.5 | AI score 5.1 | EPSS 0.01029
Exploits 0 | References 1 | Affected Software 1

CVE
added 2018/05/09 1:0 p.m. | 44 views

CVE-2018-8912

Synology Note Station (Note Station) contains an XSS in SYNO.NoteStation.Note that affects versions prior to 2.5.1-0844. An authenticated remote attacker can inject arbitrary script/HTML via the commit_msg parameter. Impact is XSS with partial integrity exposures and low confidentiality concerns;...

CVSS 6.5 | AI score 5 | EPSS 0.01029
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/05/09 1:0 p.m. | 17 views

CVE-2018-8912

Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter...

CVSS 6.5 | AI score 5.9 | EPSS 0.01029
Exploits 0 | References 1

CISA
added 2018/05/08 12:0 a.m. | 55 views

Debug Exception May Cause Unexpected Behavior

CERT Coordination Center (CERT/CC) has released information for CVE-2018-8897 – unexpected behavior for debug exceptions. A local attacker could exploit this bug to obtain sensitive information. NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU#631579 for more...

CVSS 7.2 | AI score 1.3 | EPSS 0.18404
Exploits 9 | References 2

OSV
added 2018/04/29 12:0 a.m. | 0 views

UBUNTU-CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character...

CVSS 8.8 | AI score 7.3 | EPSS 0.0725
Exploits 0 | References 5

n0where
added 2018/04/26 5:10 p.m. | 173 views

Wireless GUI Android Security Assessment: Hijacker

Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses. This application requires an ARM android device with an...

AI score 0.4
Exploits 0 | References 2

Prion
added 2018/04/24 8:29 p.m. | 15 views

Authentication flaw

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...

CVSS 5 | AI score 7.3 | EPSS 0.01468
Exploits 0 | References 2 | Affected Software 1

NVD
added 2018/04/24 8:29 p.m. | 24 views

CVE-2013-7245

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...

CVSS 7.5 | AI score 7.6 | EPSS 0.01468
Exploits 0 | References 2

CVE
added 2018/04/24 8:0 p.m. | 40 views

CVE-2013-7245

The CVE-2013-7245 issue affects SAP Sybase ASE 15.7 Backup Server component prior to SP51. The root cause is a failure to validate credentials, allowing remote attackers to bypass access restrictions and perform database dumps. Impact is exposure of data via unauthorized dumps; no exploitation de...

CVSS 7.5 | AI score 7.5 | EPSS 0.01468
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2018/04/24 8:0 p.m. | 22 views

CVE-2013-7245

The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859...

AI score 7.5 | EPSS 0.01468
Exploits 0 | References 2

Openbugbounty
added 2018/04/24 11:5 a.m. | 15 views

perpustakaan.undiksha.ac.id XSS vulnerability

Open Bug Bounty ID: OBB-607581

Description| Value
---|---
Affected Website:| perpustakaan.undiksha.ac.id
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

Exploits 0

Malwarebytes
added 2018/04/17 4:58 p.m. | 1255 views

Magnitude exploit kit switches to GandCrab ransomware

The GandCrab ransomware is reaching far and wide via malspam, social engineering schemes, and exploit kit campaigns. On April 16, we discovered that Magnitude EK, which had been loyal to its own Magniber ransomware, was now being leveraged to push out GandCrab, too. While Magnitude EK remains...

CVSS 7.6 | AI score 9.4 | EPSS 0.93165
Exploits 29

OSV
added 2018/04/11 8:29 p.m. | 2 views

CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

CVSS 8.8 | AI score 6.5
Exploits 0 | References 10

Positive Technologies
added 2018/04/05 12:0 a.m. | 3 views

PT-2018-5660 · Allen Bradley · Allen Bradley Micrologix 1400 Series B

Name of the Vulnerable Software and Affected Versions: Allen Bradley Micrologix 1400 Series B versions 21.2 and before Description: An issue exists in the data, program, and function file permissions functionality, allowing for access control bypass. A specially crafted packet can cause...

CVSS 10 | AI score 9.2 | EPSS 0.34166
Exploits 1 | References 2

Malwarebytes
added 2018/04/04 3:0 p.m. | 48 views

LockCrypt ransomware: weakness in code can lead to recovery

At the start of the year, it seemed that 2018 was going to be all about cryptominers. They so overwhelmingly dominated the landscape that it looked like no other threat had a chance. However, ransomware is not giving up the field so fast. There have been new variants popping up every couple of...

AI score 7.3
Exploits 0

Prion
added 2018/04/03 6:29 a.m. | 14 views

Code injection

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content...

CVSS 2.1 | AI score 3.7 | EPSS 0.00283
Exploits 0 | References 1 | Affected Software 1

Kitploit
added 2018/03/24 8:39 p.m. | 22 views

LeakVM - Research & Pentesting Framework For Android, Run Security Tests Instantly

LeakVM: Run security tests instantly. Why LeakVM: LeakVM runs fast security tests on Android. By skipping the time-consuming building of pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive since they can run the test on real tim...

AI score 7.8
Exploits 0 | References 16

HackRead
added 2018/03/22 9:32 p.m. | 50 views

Hackers leave ransom note after wiping out MongoDB in 13 seconds

By Waqas

For the last couple of years, hackers have been exploiting

This is a post from HackRead.com. Read the original post: Hackers leave ransom note after wiping out MongoDB in 13 seconds...

AI score 7.1
Exploits 0

Openbugbounty
added 2018/03/19 10:31 a.m. | 16 views

shop.obkladypasek.cz XSS vulnerability

Open Bug Bounty ID: OBB-582520

Description| Value
---|---
Affected Website:| shop.obkladypasek.cz
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...

AI score 6.3
Exploits 0