2623 matches found

The Hacker News
added 2017/10/19 7:11 a.m. | 11 views

Google Play Store Launches Bug Bounty Program to Protect Popular Android Apps

Better late than never. Google has finally launched a bug bounty program for Android apps on Google Play Store, inviting security researchers to find and report vulnerabilities in some of the most popular Android apps. Dubbed "Google Play Security Reward," the bug bounty program offers security...

7 AI score
Exploits: 0

Hacker One
added 2017/10/11 7:55 p.m. | 10 views

Razer US: XSS vulnerability on amp.razerzone.com

The tester discovered a reflected XSS vulnerability on a media content server, exploitable via Firefox. This content server was used by Razer employees and close partners to store media related to Razer products. We appreciate the tester's hard work and as a courtesy we granted reputation for thi...

6.2 AI score
Exploits: 0

NVD
added 2017/10/10 9:29 p.m. | 18 views

CVE-2017-15190

In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable...

7.5 CVSS | 7.3 AI score | 0.01685 EPSS
Exploits: 0 | References: 5

OSV
added 2017/10/10 9:29 p.m. | 2 views

UBUNTU-CVE-2017-15190

In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable...

7.5 CVSS | 7.1 AI score | 0.01685 EPSS
Exploits: 0 | References: 6

CVE
added 2017/10/10 9:0 p.m. | 80 views

CVE-2017-15190

CVE-2017-15190: In Wireshark versions 2.4.0–2.4.1, the RTSP dissector could crash due to the incorrect scope of a variable in epan/dissectors/packet-rtsp.c. The issue was fixed in a later Wireshark patch (e.g., Wireshark 2.4.2 and related security advisories). Remediation: upgrade to an affected ...

7.5 CVSS | 7.2 AI score | 0.01685 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2017/10/10 9:0 p.m. | 33 views

CVE-2017-15190

In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable...

7.5 CVSS | 7.3 AI score | 0.01685 EPSS
Exploits: 0

Hacker One
added 2017/10/02 5:26 p.m. | 11 views

Tor: Content spoofing on

Vulnerability description not provided...

7.1 AI score
Exploits: 0

Packet Storm
added 2017/09/22 12:0 a.m. | 40 views

Microsoft Edge Chakra Wrong Scopes In Deferred Parsing

Microsoft Edge: Chakra: Deferred parsing makes wrong scopes CVE-2017-8740 function fa = function printa; with ; function g f; ; When Chakra executes the above code, it doesn't generate bytecode for "g". This is a feature called "DeferParse". The problem is that the bytecode generated for "f" when...

7.6 CVSS | 0.4 AI score | 0.72171 EPSS
Exploits: 3

0day.today
added 2017/09/21 12:0 a.m. | 42 views

Microsoft Edge Chakra - Deferred Parsing Makes Wrong Scopes Exploit

Exploit for windows platform in category dos / poc GetFuncExprNameReference || funcInfo-funcExprScope && funcInfo-funcExprScope-GetIsObject ... Js::RegSlot ldFuncExprDst = sym-GetLocation; this-mwriter.Reg1Js::OpCode::LdFuncExpr, ldFuncExprDst; if sym-IsInSlotfuncInfo Js::RegSlot scopeLocation;...

7.6 CVSS | 7.8 AI score | 0.72171 EPSS
Exploits: 3

Exploit DB
added 2017/09/21 12:0 a.m. | 33 views

Microsoft Edge Chakra - 'Parser::ParseCatch' Does Not Handle 'eval()' (Denial of Service)

PnodeBlockType::Regular, isPattern ? ScopeTypeCatchParamPattern : ScopeTypeCatch; ... ParseNodePtr pnodePattern = ParseDestructuredLiteraltkLET, true /isDecl/, true /topLevel/, DICForceErrorOnInitializer; ... 1. "pnodeCatchScope" is a temporary block used to create a scope, and it is not actually...

7.4 AI score
Exploits: 0

FireEye
added 2017/09/20 10:0 a.m. | 20 views

Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware

When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a...

7.4 AI score
Exploits: 0

The Hacker News
added 2017/08/31 8:10 p.m. | 12 views

FDA Recalls Nearly Half a Million Pacemakers Over Hacking Fears

Almost half a million people in the United States are highly recommended to get their pacemakers updated, as they are vulnerable to hacking. The Food and Drug Administration (FDA) has recalled 465,000 pacemakers after discovering security flaws that could allow hackers to reprogram the devices to r...

7 AI score
Exploits: 0

OpenVAS
added 2017/08/18 12:0 a.m. | 20 views

phpMyAdmin Global Variable Scope Injection Vulnerability (PMASA-2013-7) - Windows

phpMyAdmin is prone to a global variable scope injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.5 CVSS | 6.6 AI score | 0.01055 EPSS
Exploits: 2 | References: 1

OpenVAS
added 2017/08/18 12:0 a.m. | 18 views

phpMyAdmin Global Variable Scope Injection Vulnerability (PMASA-2013-7) - Linux

phpMyAdmin is prone to a global variable scope injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.5 CVSS | 6.6 AI score | 0.01055 EPSS
Exploits: 2 | References: 1

OSV
added 2017/08/07 4:53 p.m. | 5 views

USN-3380-1 freerdp vulnerabilities

It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. CVE-2014-0250 It was discovered...

8.8 CVSS | 7.1 AI score | 0.0367 EPSS
Exploits: 7 | References: 9

Hacker One
added 2017/08/06 10:6 a.m. | 18 views

Legal Robot: Code injection

A security researcher discovered that they were able to inject potentially malicious code into Legal Robot's newly created Roadmap page through improper input sanitization when submitting a new Idea for consideration by the community. A limited-scope attack was possible since the input sanitizati...

2.5 AI score
Exploits: 0

OSV
added 2017/08/01 6:29 p.m. | 8 views

CVE-2017-1500

A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get a...

6.1 CVSS | 5.9 AI score | 0.00779 EPSS
Exploits: 1 | References: 2

seebug.org
added 2017/07/27 12:0 a.m. | 24 views

WebKit: JSC: Incorrect scope register handling in DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry)

Here's a snippet of DFG::ByteCodeParser::flushInlineStackEntry inlineStackEntry. void flushInlineStackEntry inlineStackEntry ... if mgraph.needsScopeRegister flushmcodeBlock-scopeRegister; mcodeBlock| instead of |mcodeBlock|. But it doesn't. As a result, the scope register of...

7 AI score
Exploits: 0

exploitpack
added 2017/07/25 12:0 a.m. | 11 views

WebKit JSC - DFG::ByteCodeParser::flush(InlineStackEntry* inlineStackEntry) Incorrect Scope Register Handling

WebKit JSC - DFG::ByteCodeParser::flushInlineStackEntry inlineStackEntry Incorrect Scope Register Handling scopeRegister; mcodeBlock| instead of |mcodeBlock|. But it doesn't. As a result, the scope register of |inlineStackEntry-mcodeBlock| may have an incorrect offset in the stack layout phase...

0.2 AI score
Exploits: 0

0day.today
added 2017/07/25 12:0 a.m. | 39 views

WebKit JSC Incorrect Scope Register Handling Vulnerability

WebKit suffers from a JSC incorrect scope register handling in DFG::ByteCodeParser::flushInlineStackEntry inlineStackEntry. WebKit: JSC: Incorrect scope register handling in DFG::ByteCodeParser::flushInlineStackEntry inlineStackEntry CVE-2017-7018 Here's a snippet of...

6.8 CVSS | 8.2 AI score | 0.07038 EPSS
Exploits: 2