2614 matches found
Announcing Changes to Microsoft’s Mitigation Bypass Bounty
Today we’re announcing a change to the Mitigation Bypass Bounty that removes Control Flow Guard CFG from the set of in-scope mitigations. In this blog, we’ll provide additional background and explain why we’re making this change. Mitigation Bypass Bounty Background Microsoft started the Mitigatio...
Malicious JavaScript Package Detection
Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
CVE-2017-7756
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...
DEBIAN-CVE-2017-7756
A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests XHR. This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...
CVE-2018-10755
This CVE entry is rejected/not used and does not represent an active vulnerability.
Node.js third-party modules: Privilage escalation with malicious .npmrc
Hello. I'm forwarding to you my conversation with npm staff regarding security issue. It allows to escalate to root privilages of victim using either: a basic social engineering - convincing victim to run npm in attacker-controlled folder eg. repository, including such innocent ones like "npm hel...
Burpa - A Burp Suite Automation Tool
A Burp Suite Automation Tool With Slack Integration. Requirements burp-rest-api Burp Suite Professional slackclient Usage $ python burpa.py -h / / / / / / / / / / / // / // / / / // / // / /./,// / ./,/ // burpa version 0.1 / by 0x4D31 usage: burpa.py -h -a scan,proxy-config,stop -pP PROXYPORT...
HackerOne: Hacktivity of a private program visible to banned user if he gets invited to a program by hackbot
Summary: The hacktivity of a private program is visible to banned user if he gets invited to a program by hackbot. Description: Back in 2016 i was banned by █████'s private program ███ due to some conflict between me and their security team, i think they manually put me in banned users list, but...
Octopus Deploy Security Restriction Bypass Vulnerability
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions prior to 2018.4.7, which stems from the program's failure to check variable scopes for target and tenant labels against a list of tenan...
RCE with spring-security-oauth2 分析(CVE-2018-1260)
漏洞公告 环境搭建 利用github上已有的demo: git clone https://github.com/wanghongfei/spring-security-oauth2-example.git 确保导入的spring-security-oauth2为受影响版本,以这里为例为2.0.10 进入spring-security-oauth2-example,修改 cn/com/sina/alan/oauth/config/OAuthSecurityConfig.java的第67行: @Override public void...
Moderate: Red Hat Security Advisory: go-toolset-7 and go-toolset-7-golang security and bug fix update
An update for go-toolset-7 and go-toolset-7-golang is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2018-10581
In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able to view/update/save variable values within the Tenant Variables area for Environments that do not exist within their associated Team scoping. This occurs in situations where this authenticated user also belongs to multiple...
Google Chrome V8 Arrow Function Scope Fixing Bug
Chrome: V8: Arrow function scope fixing bug When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first assigns t...
Chrome V8 JIT - Arrow Function Scope Fixing Bug
Chrome V8 JIT - Arrow Function Scope Fixing Bug / When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first...
Chrome V8 JIT - Arrow Function Scope Fixing Bug Exploit
Exploit for multiple platform in category dos / poc / When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first...
Chrome V8 JIT - Arrow Function Scope Fixing Bug
/ When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first assigns the destructuring assignments to the outer...
CVE-2018-10191
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrbvmexec when handling OPGETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...
UBUNTU-CVE-2018-10191
In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrbvmexec when handling OPGETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code...
CVE-2014-0158
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file because of incorrect j2kdecode, j2kreadeoc, and tcddecodetile interaction, a...
Directory Traversal
crud-file-server is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of ../ sanitization on the user input, allowing attackers to access files outside of the server's scope...