2614 matches found

MSRC
added 2018/06/21 7:00 a.m., 14 views

Announcing Changes to Microsoft’s Mitigation Bypass Bounty

Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard (CFG) from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change. Mitigation Bypass Bounty Background: Microsoft started the Mitigatio...

AI score: 7.1
Exploits: 0

OpenVAS
added 2018/06/12 12:00 a.m., 74 views

Malicious JavaScript Package Detection

Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

CVSS: 10, AI score: 7.4, EPSS: 0.02342
Exploits: 4, References: 108

NVD
added 2018/06/11 9:29 p.m., 19 views

CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2...

CVSS: 9.8, AI score: 9.1, EPSS: 0.02665
Exploits: 0, References: 10

OSV
added 2018/06/11 9:29 p.m., 1 view

DEBIAN-CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2...

CVSS: 9.8, AI score: 8.8, EPSS: 0.02665
Exploits: 0, References: 1

CVE
added 2018/05/29 9:00 p.m., 27 views

CVE-2018-10755

This CVE entry is rejected/not used and does not represent an active vulnerability.

AI score: 7.4
Exploits: 0

Hacker One
added 2018/05/28 4:58 p.m., 25 views

Node.js third-party modules: Privilege escalation with malicious .npmrc

Hello. I'm forwarding to you my conversation with npm staff regarding a security issue. It allows escalating to the root privileges of the victim using either: basic social engineering, i.e. convincing the victim to run npm in an attacker-controlled folder, e.g. a repository, including such innocent ones like "npm hel...

AI score: 0.1
Exploits: 0

Kitploit
added 2018/05/26 11:09 p.m., 21 views

Burpa - A Burp Suite Automation Tool

A Burp Suite Automation Tool With Slack Integration. Requirements: burp-rest-api, Burp Suite Professional, slackclient. Usage: $ python burpa.py -h (prints an ASCII-art banner) burpa version 0.1 / by 0x4D31 usage: burpa.py -h -a scan,proxy-config,stop -pP PROXYPORT...

AI score: 7.5
Exploits: 0, References: 2

Hacker One
added 2018/05/25 3:02 p.m., 53 views

HackerOne: Hacktivity of a private program visible to banned user if he gets invited to a program by hackbot

Summary: The hacktivity of a private program is visible to a banned user if he gets invited to a program by hackbot. Description: Back in 2016 I was banned by █████'s private program ███ due to some conflict between me and their security team. I think they manually put me in the banned users list, but...

Exploits: 0

CNVD
added 2018/05/17 12:00 a.m., 3 views

Octopus Deploy Security Restriction Bypass Vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions prior to 2018.4.7, which stems from the program's failure to check variable scopes for target and tenant labels against a list of tenan...

CVSS: 7.5, AI score: 6.8, EPSS: 0.01271
Exploits: 0, References: 1

seebug.org
added 2018/05/11 12:00 a.m., 562 views

RCE with spring-security-oauth2 analysis (CVE-2018-1260)

Vulnerability announcement. Environment setup: use the existing demo on GitHub: git clone https://github.com/wanghongfei/spring-security-oauth2-example.git Make sure the imported spring-security-oauth2 is an affected version; here 2.0.10 is used as the example. Enter spring-security-oauth2-example and modify line 67 of cn/com/sina/alan/oauth/config/OAuthSecurityConfig.java: @Override public void...

CVSS: 7.5, AI score: 1, EPSS: 0.08352
Exploits: 2

RedHat Linux
added 2018/05/03 7:13 a.m., 40 views

Moderate: Red Hat Security Advisory: go-toolset-7 and go-toolset-7-golang security and bug fix update

An update for go-toolset-7 and go-toolset-7-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS: 7.8, AI score: 7.2, EPSS: 0.07768
Exploits: 4, References: 6

OSV
added 2018/05/01 1:29 p.m., 2 views

CVE-2018-10581

In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00742
Exploits: 1, References: 1

Packet Storm
added 2018/04/26 12:00 a.m., 25 views

Google Chrome V8 Arrow Function Scope Fixing Bug

Chrome: V8: Arrow function scope fixing bug. When the parser parses the parameter list of an arrow function containing destructuring assignments, it can't distinguish whether the assignments will actually be in the parameter list or just assignments until it meets a "=" token. So it first assigns t...

AI score: 0.3
Exploits: 0

exploitpack
added 2018/04/25 12:00 a.m., 17 views

Chrome V8 JIT - Arrow Function Scope Fixing Bug

Chrome V8 JIT - Arrow Function Scope Fixing Bug. When the parser parses the parameter list of an arrow function containing destructuring assignments, it can't distinguish whether the assignments will actually be in the parameter list or just assignments until it meets a "=" token. So it first...

AI score: 0.2
Exploits: 0

0day.today
added 2018/04/25 12:00 a.m., 29 views

Chrome V8 JIT - Arrow Function Scope Fixing Bug Exploit

Exploit for multiple platforms in category dos / poc. When the parser parses the parameter list of an arrow function containing destructuring assignments, it can't distinguish whether the assignments will actually be in the parameter list or just assignments until it meets a "=" token. So it first...

AI score: 7.4
Exploits: 0

Exploit DB
added 2018/04/25 12:00 a.m., 38 views

Chrome V8 JIT - Arrow Function Scope Fixing Bug

When the parser parses the parameter list of an arrow function containing destructuring assignments, it can't distinguish whether the assignments will actually be in the parameter list or just assignments until it meets a "=" token. So it first assigns the destructuring assignments to the outer...

AI score: 7.4
Exploits: 0

NVD
added 2018/04/17 9:29 p.m., 17 views

CVE-2018-10191

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...

CVSS: 9.8, AI score: 9.8, EPSS: 0.02584
Exploits: 1, References: 3

OSV
added 2018/04/17 9:29 p.m., 5 views

UBUNTU-CVE-2018-10191

In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...

CVSS: 9.8, AI score: 7.5, EPSS: 0.02584
Exploits: 1, References: 4

UbuntuCve
added 2018/04/10 3:29 p.m., 31 views

CVE-2014-0158

Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file because of incorrect j2k_decode, j2k_read_eoc, and tcd_decode_tile interaction, a...

CVSS: 8.8, AI score: 7.5, EPSS: 0.01828
Exploits: 0, References: 1

Veracode
added 2018/04/04 6:50 a.m., 15 views

Directory Traversal

crud-file-server is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...

CVSS: 7.5, AI score: 7.4, EPSS: 0.02216
Exploits: 1, References: 3, Affected software: 1
