318 matches found
RUSTSEC-2023-0063 Denial of service in Quinn servers
Receiving QUIC frames containing a frame with unknown frame type could lead to a panic. Unfortunately this issue was not found by our fuzzing infrastructure. Thanks to the QUIC Tester research group for reporting this issue...
Exploit for Path Traversal in Thruk
Thruk-CVE-2023-34096 Thruk Monitoring Web Interface versions...
midwestresearchgroup.com Cross Site Scripting vulnerability OBB-3326979
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Friday Squid Blogging: More Squid Camouflage Research
Here's a research group trying to replicate squid cell transparency in mammalian cells. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
GHSA-VW27-FWJF-5QXM Arbitrary command execution on Windows via qutebrowserurl: URL handler
Impact: Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers it as a handler for certain URL schemes. With some applications such as Outlook Desktop, opening a specially crafted URL can lead to argument injection, allowing execution of qutebrowser commands, which in tu...
wealthresearchgroup.com Improper Access Control vulnerability OBB-2158164
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable
A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks. Collectively dubbed "BrakTooth" referring to the Norwegian word "Brak" which translates...
Ovidentia 8.4.3 - SQL Injection
------------------------------------------------------- Exploit Title: Ovidentia CMS - SQL Injection Authenticated Date: 06/05/2019 CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/ Version: 8.4.3 Tested on: Mac,linux -...
Ovidentia 8.4.3 - SQL Injection Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------- Exploit Title: Ovidentia CMS - SQL Injection Authenticated CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/...
Ovidentia 8.4.3 - SQL Injection
Ovidentia 8.4.3 - SQL Injection ------------------------------------------------------- Exploit Title: Ovidentia CMS - SQL Injection Authenticated Date: 06/05/2019 CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/ Version...
Ovidentia 8.4.3 - Cross-Site Scripting
Ovidentia 8.4.3 - Cross-Site Scripting ------------------------------------------------------- Exploit Title: Ovidentia CMS - XSS Ovidentia 8.4.3 Description: The vulnerability permits any kind of XSS attacks. Reflected, DOM and Stored XSS. Date: 06/05/2019 CVE: CVE-2019-13977 Exploit Author:...
Ovidentia 8.4.3 SQL Injection
------------------------------------------------------- Exploit Title: Ovidentia CMS - SQL Injection Authenticated Date: 06/05/2019 CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/ Version: 8.4.3 Tested on: Mac,linux -...
Ovidentia 8.4.3 Cross Site Scripting
------------------------------------------------------- Exploit Title: Ovidentia CMS - XSS Ovidentia 8.4.3 Description: The vulnerability permits any kind of XSS attacks. Reflected, DOM and Stored XSS. Date: 06/05/2019 CVE: CVE-2019-13977 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores...
2018 Annual Report from AI Now
The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading...
Ethernet place the JSON-RPC Interface to a variety of stolen currency technique big secret-vulnerability warning-the black bar safety net
In 2010, Laszlo's use of 10,000 bitcoin to buy a $25 pizza is considered the first bitcoin transaction in the real world. In 2017, blockchain technology rode the wave as the price of digital currency soared. Who could have imagined that in 2010 two pieces of pizza,...
Debian DSA-3421-1 : grub2 - security update
Hector Marco and Ismael Ripoll, from Cybersecurity UPV Research Group, found an integer underflow vulnerability in Grub2, a popular bootloader. A local attacker can bypass the Grub2 authentication by inserting a crafted input as username or password. More information:...
Let's Encrypt Free SSL/TLS Certificate Now Trusted by Major Web Browsers
Yes, Let's Encrypt is now one step closer to its goal of offering Free HTTPS certificates to everyone. Let's Encrypt – the free, automated, and open certificate authority (CA) – has announced that its Free HTTPS certificates are Now Trusted and Supported by All Major Browsers. Let's Encrypt enables...
Let's Encrypt Project issues its First Free SSL/TLS Certificate
Last fall the non-profit foundation EFF (Electronic Frontier Foundation) launched an initiative called Let's Encrypt that aimed at providing Free Digital Cryptographic Certificates (TLS) to any website that needs them. Today, Let's Encrypt – a free automated Open-source Certificate Authority (CA) – has...
IBM BladeCenter Management Module - DoS vulnerability
No description provided by source. DSECRG-09-049 IBM BladeCenter Management Module - DoS vulnerability Source: http://www.dsecrg.com/pages/vul/show.php?id=149 This device can be remotely rebooted by sending malformed TCP packets. Digital Security Research Group [DSecRG] Advisory DSECRG-09-049...
IBM Bladecenter Management - Multiple web application vulnerabilities
No description provided by source. DSECRG-09-054 IBM Bladecenter Management - Multiple vulnerabilities The BladeCenter management module is prone to multiple security vulnerabilities: Unauthorized Access, Directory Listing, XSS. Digital Security Research Group [DSecRG] Advisory DSECRG-09-054...