751 matches found
Impact of 62 million devices: the interpretation I is how to find the Marvell Avastar Wi-Fi remote code execution vulnerability-vulnerability warning-the black bar safety net
One, overview In the present study, I will mainly analyze the Marvell WiFi-FullMAC SoC security. Since we have not yet completed the product with a chip of a wireless device of research, and therefore which may contain large amounts of unaudited code, which might appear serious security problems...
[SECURITY] Fedora 29 Update: php-Smarty2-2.6.31-2.fc29
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation...
[SECURITY] Fedora 28 Update: php-Smarty2-2.6.31-2.fc28
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation...
Vulnerability in the "User's Avatar" of the App of the East Presentation Association
East Presentation Club APP is a hotel booking platform. An override access vulnerability exists in the "user avatar" section of Dongcheng Club APP. An attacker can traverse the key field to obtain sensitive information of other users by grabbing packets...
About the security content of iOS 11.2.5 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
Invisi-Shell - Hide Your Powershell Script In Plain Sight (Bypass All Powershell Security Features)
Hide your powershell script in plain sight! Invisi-Shell bypasses all of Powershell security features ScriptBlock logging, Module logging, Transcription, AMSI by hooking .Net assemblies. The hook is performed via CLR Profiler API. Work In Progress This is still a preliminary version intended as a...
CVE-2015-9272
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...
Input validation
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...
CVE-2015-9272
The videowhisper-video-presentation plugin 3.31.17 for WordPress allows remote attackers to execute arbitrary code because vp/vwupload.php considers a file safe when "html" are the last four characters, as demonstrated by a .phtml file containing PHP code...
CVE-2018-17137
Prezi Next 1.3.101.11 is affected by an access bypass vulnerability described across multiple sources (e.g., CNVD-2018-19438, NVD CVE-2018-17137). The issue arises from SE_DEBUG_PRIVILEGE on Windows, which could allow attackers to bypass intended access restrictions in the context of HTML5 presen...
MobSF (Mobile Security Framework) v1.0 - Mobile (Android/iOS) Automated Pen-Testing Framework
Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support...
Playback: A TLS 1.3 Story
Introduction Secure communications are one of the most important topics in information security, and the Transport Layer Security TLS protocol is currently the most used protocol to provide secure communications on the internet. For example, when you are connecting to your online banking...
Active Directory Reconnaissance: ADRecon
ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...
RF Fuzzing Framework: TumbleRF
TumbleRF is a framework that orchestrates the application of fuzzing techniques to RF systems. While fuzzing has always been a powerful mechanism for fingerprinting and enumerating bugs within software systems, the application of these techniques to wireless and hardware systems has historically...
CVE-2018-5754
Cross-site scripting XSS vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard...
Cross site scripting
Cross-site scripting XSS vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard...
CVE-2018-5754
Cross-site scripting XSS vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard...
[SECURITY] Fedora 27 Update: libreoffice-5.4.6.2-6.fc27
LibreOffice is an Open Source, community-developed, office productivity sui te. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...
[SECURITY] Fedora 28 Update: libreoffice-6.0.3.2-9.fc28
LibreOffice is an Open Source, community-developed, office productivity sui te. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...
GitLab: XSS (Persistent) - Selecting role(s) for protected branches
Summary: When using the dropdown that selects the groups or users that are allowed to push or merge to a protected branch within a project, it is possible to trigger a XSS with a malicious user name string. Description: This vulnerability is similar to the recently announced CVE-2018-10379. The...