3094 matches found

Tenable Nessus
added 2018/03/19 12:0 a.m., 31 views

Microsoft SQL Server TCP/IP Listener Product Database Detection

The remote host is running an MSSQL database with default credentials. It may be possible to determine the product associated with the database based on the default credentials. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if...

5.6 AI score
Exploits: 0
ATTACKERKB
added 2018/03/17 1:29 p.m., 2 views

CVE-2018-8737

Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's...

5.4 CVSS, 5.5 AI score, 0.00545 EPSS
Exploits: 1, References: 2
OSV
added 2018/03/17 1:29 p.m., 1 views

CVE-2018-8737

Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's...

5.4 CVSS, 5.8 AI score, 0.00545 EPSS
Exploits: 1, References: 1
ossfuzz
added 2018/03/17 11:55 a.m., 16 views

curl/curl_fuzzer_http: Stack-buffer-overflow in fuzz_handle_transfer

Detailed report: https://oss-fuzz.com/testcase?key=5569625854050304
Project: curl
Fuzzer: libFuzzer_curl_fuzzer_http
Fuzz target binary: curl_fuzzer_http
Job Type: libfuzzer_asan_curl
Platform Id: linux
Crash Type: Stack-buffer-overflow READ 8
Crash Address: 0x7fff6a3b0910
Crash State: fuzz_handle_transfe...

6.7 AI score
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2018/03/12 12:0 a.m., 19 views

Solaris 10 (sparc) : 137204-31

Messaging Server 64bit 7.0.5.31.0: core patch. Date this patch was last updated by Sun : Jun/02/14 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if...

3.5 CVSS, 6.7 AI score, 0.01369 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2018/03/12 12:0 a.m., 21 views

Solaris 10 (x86) : 120665-01

SunOS 5.10x86: tl driver patch. Date this patch was last updated by Sun : Sep/15/05 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

2.1 CVSS, 7 AI score, 0.00375 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2018/03/12 12:0 a.m., 19 views

Solaris 10 (x86) : 150118-01

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Kernel. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent...

3.8 CVSS, 5.4 AI score, 0.00304 EPSS
Exploits: 0, References: 2
Prion
added 2018/03/07 3:29 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note...

3.5 CVSS, 5.6 AI score, 0.00708 EPSS
Exploits: 3, References: 2, Affected Software: 1
Cvelist
added 2018/03/07 3:0 p.m., 13 views

CVE-2014-8780

Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note...

5.1 AI score, 0.00708 EPSS
Exploits: 3, References: 2
Openbugbounty
added 2018/03/04 12:53 p.m., 10 views

rioimoveisonline.com.br XSS vulnerability

Open Bug Bounty ID: OBB-573457 Description| Value ---|--- Affected Website:| rioimoveisonline.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits: 0
CNVD
added 2018/02/26 12:0 a.m., 1 views

SAP Note Assistant XML External Entity Injection Vulnerability

SAP Note Assistant is a tool to help automate the import of changes in SAP Notes, a document created by a developer who finds a bug in an ABAP program that describes the problem and the associated program modification code. An XML external entity injection vulnerability exists in SAP Note...

7.1 AI score
Exploits: 0, References: 1
Openbugbounty
added 2018/02/23 9:51 a.m., 9 views

beiphone.it XSS vulnerability

Open Bug Bounty ID: OBB-566489 Description| Value ---|--- Affected Website:| beiphone.it Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits: 0
Kitploit
added 2018/02/14 1:23 p.m., 28 views

Lynis 2.6.2 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

6.9 AI score
Exploits: 0
exploitpack
added 2018/01/28 12:0 a.m., 22 views

Sony Playstation 3 (PS3) 4.82 - Jailbreak (ROP)

Sony Playstation 3 PS3 4.82 - Jailbreak ROP EDB Note http://ps3xploit.com/help/dumper.html EDB Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/44820.zip Dumper Help Warning: Due to the lack of proper checks after exiting the ROP chain, it is possible in...

7.4 AI score
Exploits: 0
CVE
added 2018/01/23 5:0 p.m., 27 views

CVE-2017-15442

CVE-2017-15442 is rejected and is not an active vulnerability entry.

7.4 AI score
Exploits: 0
Openbugbounty
added 2018/01/20 9:13 p.m., 8 views

tr.wikiloc.com XSS vulnerability

Open Bug Bounty ID: OBB-533694 Description| Value ---|--- Affected Website:| tr.wikiloc.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3 AI score
Exploits: 0
Exploit DB
added 2018/01/11 12:0 a.m., 39 views

Transmission - RPC DNS Rebinding

The transmission bittorrent client uses a client/server architecture, the user interface is the client and a daemon runs in the background managing the downloading, seeding, etc. Clients interact with the daemon using JSON RPC requests to a web server listening on port 9091. By default, the daemo...

7.4 AI score
Exploits: 0
The Hacker News
added 2017/12/29 1:25 a.m., 31 views

Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser

A critical vulnerability has been discovered in the browser app that comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692, the vulnerability is Sa...

5 CVSS, 7.3 AI score, 0.78843 EPSS
Exploits: 7
0day.today
added 2017/12/27 12:0 a.m., 34 views

Sony Playstation 4 4.05 FW - Local Kernel Exploit

Exploit for bsd platform in category local exploits PS4 4.05 Kernel Exploit --- Summary In this project you will find a full implementation of the "namedobj" kernel exploit for the PlayStation 4 on 4.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level...

6.8 AI score
Exploits: 0
0day.today
added 2017/12/19 12:0 a.m., 67 views

Microsoft Windows jscript!NameTbl::GetValDef Use-After-Free Exploit

Exploit for windows platform in category dos / poc Windows: use-after-free in jscript!NameTbl::GetValDef CVE-2017-11903 There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this...

7.6 CVSS, 7.8 AI score, 0.46179 EPSS
Exploits: 4