1434 matches found

wpexploit | added 2019/09/08 12:0 a.m. | 22 views

Reality < 2.4.0 - Multiple Persistent XSS

----- Persistent XSS on any property page: ----- Vulnerable input fields: 1 - Description & Price - 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT'; 2 - Additional Information - 'TITLE' and 'VALUE'; 3 - Location & Map - 'ADDRESS '. Payload Sample: ----- Persistent XSS on user profile page:...

AI score 6.5 | Exploits 0 | References 1

wpexploit | added 2019/09/08 12:0 a.m. | 21 views

Nexos - Real Estate < 1.6.1 - SQL Injection & Persistent XSS

----- SQL Injection: ----- Vulnerable 'id' parameter is https://listing-themes.com/nexos-wp/wp-admin/admin.php?page=ownlistingaddlisting=8 ----- Persistent XSS: ----- You need a new user account, then go to any property listing on the website and use «ENQUIRY FORM» on the right sidebar...

AI score 8.1 | Exploits 0 | References 1

OSV | added 2019/09/05 8:22 a.m. | 5 views

OPENSUSE-SU-2019:2067-1 Security update for wavpack

This update for wavpack fixes the following issues: Security issues fixed: - CVE-2019-1010319: Fixed use of uninitialized variable in ParseWave64HeaderConfig that can result in unexpected control flow, crashes, and segfaults (bsc#1141334). - CVE-2019-11498: Fixed possible denial of service applicati...

CVSS 6.5 | AI score 6 | EPSS 0.03433 | Exploits 2 | References 5

Tenable Nessus | added 2019/08/27 12:0 a.m. | 33 views

EulerOS 2.0 SP8 : wavpack (EulerOS-SA-2019-1831)

According to the versions of the wavpack package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00573 | Exploits 1 | References 3

Kitploit | added 2019/08/19 9:30 p.m. | 118 views

Truegaze - Static Analysis Tool For Android/iOS Apps Focusing On Security Issues Outside The Source Code

A static analysis tool for Android and iOS applications focusing on security issues outside the source code, such as resource strings, third-party libraries and configuration files. Requirements: Python 3 is required, and you can find all required modules in the requirements.txt file. Only tested on...

AI score 7.4 | Exploits 0 | References 1

Hacker One | added 2019/07/08 5:8 p.m. | 8 views

curl: Libcurl occasionally sends HTTPS traffic to port 443 rather than specified port 8080

Summary: We have encountered an issue with libcurl where, under certain network conditions, the library will attempt to submit data to an incorrect port as was set by CURLOPT_PORT. As information is sent to an unauthorised port, we consider this an information disclosure issue. Our security softwa...

AI score 6.8 | Exploits 0

myhack58 | added 2019/06/26 12:0 a.m. | 480 views

Antiy honeynet captures "ElasticSearch Groovy vulnerability used for Monero (DOG) mining" - event analysis - vulnerability warning - the black bar safety net

1. Overview: On June 13, 2019, the Antiy honeynet captured attacks exploiting CVE-2015-1427, the ElasticSearch Groovy remote command execution vulnerability. The root cause is that Elasticsearch uses Groovy as a scripting language and relies on a sandbox mechanism based on black and white lists to...

CVSS 7.5 | AI score 9.8 | EPSS 0.92326 | Exploits 19

Kitploit | added 2019/06/17 1:9 p.m. | 190 views

Prithvi - Report Generation Tool

Prithvi is a report generation tool made specifically for security assessments; it is free and easy to use. It generates a high-quality vulnerability assessment report for security controls. It has various features and is mainly intended for security assessment. You can easily find security...

AI score 7.5 | Exploits 0

Kitploit | added 2019/06/08 1:3 p.m. | 226 views

LiveHiddenCamera - Library Which Records Live Video And Audio From Android Device Without Displaying A Preview

Live Hidden Camera (LHC) is a library which records live video and audio from an Android device without displaying a preview. How to use: I've created a library to make it more usable. The only requirement is to add the library to your project and pass the Rtmp URL to it. Additionally you should care...

AI score 7.2 | Exploits 0 | References 4

CNVD | added 2019/05/31 12:0 a.m. | 2 views

GPAC Null Pointer Dereference Vulnerability

GPAC is a multimedia framework for rich media, distributed under the LGPL license. A null pointer dereference vulnerability exists in the gf_isom_get_original_format_type function in isomedia/drm_sample.c in libgpac.a in GPAC 0.7.1. No details of the vulnerability are provided at this time...

CVSS 7.5 | AI score 6.9 | EPSS 0.00552 | Exploits 1 | References 1

OSV | added 2019/05/30 11:29 p.m. | 2 views

DEBIAN-CVE-2019-12482

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box...

CVSS 7.5 | AI score 7 | EPSS 0.00552 | Exploits 1 | References 1

OSV | added 2019/05/30 11:29 p.m. | 0 views

UBUNTU-CVE-2019-12482

An issue was discovered in GPAC 0.7.1. There is a NULL pointer dereference in the function gf_isom_get_original_format_type at isomedia/drm_sample.c in libgpac.a, as demonstrated by MP4Box...

CVSS 7.5 | AI score 7.1 | EPSS 0.00552 | Exploits 1 | References 3

Tenable Nessus | added 2019/05/30 12:0 a.m. | 34 views

Citrix XenServer Microarchitectural Data Sampling Speculative Side-Channel Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (CTX2251995)

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by microarchitectural data sampling speculative side-channel vulnerabilities. These vulnerabilities may allow a local attacker on a guest machine to sample the contents of memory...

CVSS 5.9 | AI score 6.7 | EPSS 0.01697 | Exploits 0 | References 5

BDU FSTEC | added 2019/05/24 12:0 a.m. | 0 views

A vulnerability in the Platform Sample/Silicon Reference components of Intel Core processors allows an attacker to execute arbitrary code.

The vulnerability in the Platform Sample/Silicon Reference components of Intel Core processors relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 2.3 | AI score 7 | EPSS 0.00169 | Exploits 0 | References 3

OSV | added 2019/04/24 5:29 a.m. | 1 views

DEBIAN-CVE-2019-11498

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data...

CVSS 6.5 | AI score 5.6 | EPSS 0.03433 | Exploits 1 | References 1

OSV | added 2019/04/24 5:29 a.m. | 1 views

ALPINE-CVE-2019-11498

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data...

CVSS 6.5 | AI score 6.8 | EPSS 0.03433 | Exploits 1 | References 1

UbuntuCve | added 2019/04/24 12:0 a.m. | 20 views

CVE-2019-11498

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data...

CVSS 6.5 | AI score 6.6 | EPSS 0.03433 | Exploits 1 | References 3

OSV | added 2019/04/24 12:0 a.m. | 0 views

UBUNTU-CVE-2019-11498

WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data...

CVSS 6.5 | AI score 6.5 | EPSS 0.03433 | Exploits 1 | References 4

BDU FSTEC | added 2019/04/12 12:0 a.m. | 0 views

A firmware vulnerability in Intel Core Platform Sample/Silicon Reference processors, related to deficiencies in access control, allows attackers to escalate their privileges.

The firmware vulnerability in Intel Core Platform Sample/Silicon Reference processors is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 5.7 | AI score 6.6 | EPSS 0.0015 | Exploits 0 | References 3

BDU FSTEC | added 2019/04/12 12:0 a.m. | 0 views

A firmware vulnerability in Platform Sample/Silicon Reference processors from Intel's Core, Pentium, and Celeron families allows attackers to execute arbitrary code.

The firmware vulnerability in Platform Sample/Silicon Reference processors from Intel Core, Intel Pentium, and Intel Celeron is caused by a buffer overflow in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 5.7 | AI score 7.3 | EPSS 0.00283 | Exploits 0 | References 3