4601 matches found
CVE-2018-1000180
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 bet...
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery Exploit Title: MyBB Admin Notes Plugin - CSRF Date: 2018-05-14 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 Version: 1.1 Tested on: Ubuntu 18.04 1...
PT-2018-5361 · Moxa · Moxa Edr-810
Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A command injection issue exists in the web server functionality, allowing a specially crafted HTTP POST to cause a privilege escalation, resulting in a root shell. An attacker can inject O...
PT-2018-16245 · Hyland · Hyland Perceptive Document Filters
Name of the Vulnerable Software and Affected Versions: Hyland Perceptive Document Filters version 11.4.0.2647 Description: A stack-based buffer overflow exists in the DOC-to-HTML conversion functionality. This issue can be exploited by a crafted .doc document, leading to a stack-based buffer...
PT-2018-3113 · Blender +1 · Blender +1
Name of the Vulnerable Software and Affected Versions: Blender version 2.78c Description: An integer overflow exists in the way Blender draws a Particle object, which can be exploited by a specially crafted .blend file to cause a buffer overflow, potentially allowing for code execution under the...
PT-2018-1300 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: Multiple vulnerabilities in the Application Layer Protocol Inspection...
WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery Privilege Escalation
WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery Privilege Escalation Exploit Title: CMS Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/...
RPi Cam Control < 6.4.34 Multiple Vulnerabilities - Active Check
RPi Cam Control is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:rpi:camcontrol";...
lindenvalley.de Improper Access Control vulnerability
Vulnerable URL: https://www.lindenvalley.de/.git/config Details: Description| Value ---|--- Patched:| No Latest check for patch:| 17.01.2018 Vulnerability type:| Improper Access Control Vulnerability status:| Publicly disclosed Alexa Rank| 3132691 VIP website status:| No Coordinated Disclosure...
reg.kost.ru Open Redirect vulnerability
Vulnerable URL: http://reg.kost.ru/cgi-bin/go?https://openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 09.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...
tembeleza.com.br Open Redirect vulnerability
Vulnerable URL: http://tembeleza.com.br/loja/redirect.php?action=url=www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.12.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...
mental-escher.net XSS vulnerability
Vulnerable URL: http://mental-escher.net/AI/bot/userlog.php?id=13'"35 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 12931653 VIP website status:| No Coordinated Disclosure Timelin...
InterScan Web Security Virtual Appliance vulnerable to code injection
Overview InterScan Web Security Virtual Appliance provided by Trend Micro Incorporated contains a code injection vulnerability. Impact Arbitrary code may be executed by a user who is logged in to the management screen of the product as an administrator. Solution Apply the Patch Apply the patch accordi...
Internet Bug Bounty: Optionsbleed / CVE-2017-9798
Bug has been disclosed here: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html poc code: https://github.com/hannob/optionsbleed Apache is currently preparing 2.4.28, which will contain the fix; a patch is available in their svn repo...
community.pennfoster.edu XSS vulnerability
Vulnerable URL: https://community.pennfoster.edu/blogs/MercedesRuiz/tags?tags=%22%3E%3C/option%3E%3C%20/select%3E%3Cbody/onpageshow=prompt%28%29%3E%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.11.2017 Vulnerability...
stuller.com XSS vulnerability
Vulnerable URL: https://www.stuller.com/cart/?referrer=%22%3E%3Csvg/onload=%22alert%27OPENBUGBOUNTY%27%22%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 05.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 54802 VIP website status...
REDDOXX Appliance Undocumented Administrative Service Account Vulnerability
Exploit for jsp platform in category web applications Undocumented Administrative Service Account in REDDOXX Appliance RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance an...
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution Vulnerability
Exploit for jsp platform in category web applications Remote Command Execution as root in REDDOXX Appliance RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary commands with root privileges while...
REDDOXX Appliance Arbitrary File Disclosure
Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Details ======= Product...
REDDOXX Appliance Cross Site Scripting
Advisory: Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details ======= Product: REDDOXX Appliance Affected Versions:...