
545 matches found

Hacker One
added 2019/05/11 10:0 p.m. | 22 views

U.S. Dept Of Defense: MSSQL injection via param Customwho in https://█████/News/Transcripts/Search/Sort/ and WAF bypass

Summary: MSSQL injection via param Customwho in https://███████/News/Transcripts/Search/Sort/ Description: MSSQL injection via param Customwho in https://██████████/News/Transcripts/Search/Sort/ There is WAF, but we can make bypass and via global variable @@LANGID we can know that the base is use...

AI score: 1
Exploits: 0

Hacker One
added 2019/04/18 12:33 p.m. | 24 views

ZEIT: [Fix Bypass #541631] Open redirect on Signup

Some signup and login paths did not verify the ?next= query param properly and allowed an open redirect with a carefully crafted invalid URL. It is standard practise to use a redirect query param in login and signup endpoints but the value should be carefully validated before accepting to redirec...

AI score: 1.1
Exploits: 0

ossfuzz
added 2019/04/02 3:2 p.m. | 15 views

kimageformats/kimgio_fuzzer: Negative-size-param in QImage::fill

Project: git://anongit.kde.org/kimageformats Detailed report: https://oss-fuzz.com/testcase?key=5118681342803968 Project: kimageformats Fuzzer: aflkimageformatskimgiofuzzer Fuzz target binary: kimgiofuzzer Job Type: aflasankimageformats Platform Id: linux Crash Type: Negative-size-param Crash...

AI score: 6.8
Exploits: 0 | Affected Software: 1

ossfuzz
added 2019/03/15 12:2 a.m. | 16 views

opencv/imdecode_fuzzer: Negative-size-param in _TIFFmemcpy

Project: https://github.com/opencv/opencv.git Detailed report: https://oss-fuzz.com/testcase?key=5766572742803456 Project: opencv Fuzzer: aflopencvimdecodefuzzer Fuzz target binary: imdecodefuzzer Job Type: aflasanopencv Platform Id: linux Crash Type: Negative-size-param Crash Address: Crash Stat...

AI score: 6.8
Exploits: 0 | Affected Software: 1

ossfuzz
added 2019/03/07 1:17 p.m. | 23 views

libheif/file-fuzzer: Negative-size-param in heif::HeifPixelImage::fill_RGB_16bit

Project: https://github.com/strukturag/libheif.git Detailed report: https://oss-fuzz.com/testcase?key=5732616832024576 Project: libheif Fuzzer: libFuzzerlibheiffile-fuzzer Fuzz target binary: file-fuzzer Job Type: libfuzzerasanlibheif Platform Id: linux Crash Type: Negative-size-param Crash...

AI score: 6.8
Exploits: 0 | Affected Software: 1

OSV
added 2019/03/06 10:29 p.m. | 1 views

CVE-2019-9615

An issue was discovered in OFCMS before 1.1.3. It allows admin/system/generate/create?sql= SQL injection, related to SystemGenerateController.java...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.0026
Exploits: 1 | References: 1

ossfuzz
added 2019/01/25 8:51 a.m. | 19 views

openthread/cli-uart-received-fuzzer: Memcpy-param-overlap in ot::Cli::CoapSecure::Process

Project: https://github.com/openthread/openthread.git Detailed report: https://oss-fuzz.com/testcase?key=5745974335504384 Project: openthread Fuzzer: aflopenthreadcli-uart-received-fuzzer Fuzz target binary: cli-uart-received-fuzzer Job Type: aflasanopenthread Platform Id: linux Crash Type:...

AI score: 6.8
Exploits: 0 | Affected Software: 1

Hacker One
added 2019/01/23 9:8 p.m. | 22 views

U.S. Dept Of Defense: [███] SQL injection & Reflected XSS

SQL injection test 1. Go to site ███████ 2. Intercept this request POST /viewem6.php HTTP/1.1 Host: ████ User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:60.0 Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language:...

AI score: 0.3
Exploits: 0

Veracode
added 2018/12/05 2:46 a.m. | 20 views

Remote Code Execution (RCE)

Microsoft ChakraCore is vulnerable to remote code execution. This is due to an issue with capturing the name of a function expression in one of the param scope functions where the name symbols are not added to the body. This allows a remote attacker to execute arbitrary code in the context of the...

CVSS: 8.1 | AI score: 8.4 | EPSS: 0.14554
Exploits: 0 | References: 1 | Affected Software: 2

RedHat Linux
added 2018/11/27 1:27 a.m. | 6 views

ghostscript: shading_param incomplete type checking (699660)

It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript docume...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.02086
Exploits: 0 | References: 4

Tenable Nessus
added 2018/10/24 12:0 a.m. | 35 views

openSUSE Security Update : haproxy (openSUSE-2018-1229)

This update for haproxy to version 1.8.14 fixes the following issues : These security issues were fixed : - CVE-2018-14645: A flaw was discovered in the HPACK decoder what caused an out-of-bounds read in hpackvalididx that resulted in a remote crash and denial of service bsc1108683 -...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00225
Exploits: 0 | References: 5

OSV
added 2018/09/28 9:29 a.m. | 2 views

CVE-2018-17575

SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.0025
Exploits: 1 | References: 1

ossfuzz
added 2018/08/21 2:50 a.m. | 20 views

zlib-ng/compress_fuzzer: Negative-size-param in compress_fuzzer.c

Project: https://github.com/sebpop/zlib-ng.git https://github.com/zlib-ng/zlib-ng.git Detailed report: https://oss-fuzz.com/testcase?key=4634639783165952 Project: zlib-ng Fuzzer: libFuzzerzlib-ngcompressfuzzer Fuzz target binary: compressfuzzer Job Type: libfuzzerasanzlib-ng Platform Id: linux...

AI score: 6.8
Exploits: 0 | Affected Software: 1

Hacker One
added 2018/08/17 7:14 a.m. | 22 views

Vanilla: XSS: Group search terms

Summary: The sub domain https://kentico.vanillastaging.com has a DOM XSS can be executed on any user browser by a simple get request. Description: The search param in the get request has been set in it's text value and the response has been reflected in the DOM response. Request: GET...

Exploits: 0

Exploit DB
added 2018/07/04 12:0 a.m. | 49 views

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution

Exploit Title: ManageEngine Exchange Reporter Plus = 5310 Unauthenticated RCE Date: 28-06-2018 Software Link: https://www.manageengine.com/products/exchange-reports/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ YouTube:...

AI score: 7.4
Exploits: 0

exploitpack
added 2018/07/04 12:0 a.m. | 51 views

ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution

ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution Exploit Title: ManageEngine Exchange Reporter Plus = 5310 Unauthenticated RCE Date: 28-06-2018 Software Link: https://www.manageengine.com/products/exchange-reports/ Exploit Author: Kacper Szurek Contact:...

AI score: 8.1
Exploits: 0

ossfuzz
added 2018/06/13 9:44 a.m. | 16 views

imagemagick/encoder_heic_fuzzer: Negative-size-param in heif::HeifContext::decode_and_paste_tile_image

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5666980618043392 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderheicfuzzer Fuzz target binary: encoderheicfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

AI score: 6.8
Exploits: 0 | Affected Software: 1

ossfuzz
added 2018/05/15 2:20 a.m. | 18 views

qpid-proton/fuzz-connection-driver: Negative-size-param in transport_consume

Project: https://github.com/apache/qpid-proton.git Detailed report: https://oss-fuzz.com/testcase?key=6301141305393152 Project: qpid-proton Fuzzer: aflqpid-protonfuzz-connection-driver Fuzz target binary: fuzz-connection-driver Job Type: aflasanqpid-proton Platform Id: linux Crash Type:...

AI score: 6.8
Exploits: 0 | Affected Software: 1

OSV
added 2018/05/14 8:29 p.m. | 2 views

CVE-2017-12121

An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\name= parm in the...

CVSS: 8.8 | AI score: 5.9
Exploits: 0 | References: 1

Cvelist
added 2018/04/13 3:0 p.m. | 27 views

CVE-2016-9646 Commit metadata forgery via CGI::FormBuilder context-dependent APIs

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-field method similar to the CGI-param API that led to Bugzilla's CVE-2014-1572, which can be abused to lead to commit metadata forgery...

AI score: 7.2 | EPSS: 0.00139
Exploits: 0 | References: 4