
130 matches found

0day.today
added 2021/10/19 12:0 a.m. | 333 views

Online Motorcycle (Bike) Rental System 1.0 - Blind Time-Based SQL Injection Exploit

Exploit Title: Online Motorcycle Bike Rental System 1.0 - Blind Time-Based SQL Injection Unauthenticated Exploit Author: Chase ComardelleCASO Vendor Homepage: https://www.sourcecodester.com/php/14989/online-motorcycle-bike-rental-system-phpoop-source-code.html Software Link:...

7.4 AI score
Exploits: 0
OSV
added 2021/09/07 6:15 a.m. | 2 views

CVE-2021-33831

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds...

6.5 CVSS | 6.6 AI score | 0.01984 EPSS
Exploits: 1 | References: 2
OSV
added 2021/08/25 8:43 p.m. | 12 views

GHSA-VJRQ-CG9X-RFJP Improper Input Validation in cookie

Affected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server. This flaw w...

7.5 CVSS | 7.3 AI score | 0.01485 EPSS
Exploits: 0 | References: 5
OpenVAS
added 2021/04/19 12:0 a.m. | 27 views

SUSE: Security Advisory (SUSE-SU-2015:0865-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 6.8 AI score | 0.05292 EPSS
Exploits: 0 | References: 6
HackRead
added 2020/06/02 3:11 p.m. | 30 views

Hackers use Github bot to steal $1,200 in ETH within 100 seconds

By Sudais Asif Hackers are remotely stealing cryptocurrencies using bots on Github. This is a post from HackRead.com Read the original post: Hackers use Github bot to steal $1,200 in ETH within 100 seconds...

2.9 AI score
Exploits: 0
OSV
added 2019/03/28 5:29 p.m. | 0 views

UBUNTU-CVE-2019-5739

Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack...

7.5 CVSS | 6.7 AI score | 0.0505 EPSS
Exploits: 0 | References: 3
Akamai Blog
added 2019/01/10 6:32 p.m. | 81 views

Preparing for Y2038 (Already?!)

It somehow doesn't seem that long ago, but nineteen years ago during Y2K I spent my New Year's Eve in the Akamai Network Operations center, waiting to respond to anything that might go awry as the clock struck midnight in key time zones such as Greenwich and Boston. As of January 9, 2019, we are...

6.5 AI score
Exploits: 0
n0where
added 2018/11/21 1:2 a.m. | 145 views

ProcDump Sysinternals Tool for Linux

ProcDump is a Linux reimagining of the classic ProcDump tool from the Sysinternals suite of tools for Windows. ProcDump provides a convenient way for Linux developers to create core dumps of their application based on performance triggers. Requirements Minimum OS: Red Hat Enterprise Linux / CentO...

0.1 AI score
Exploits: 0 | References: 1
OSV
added 2018/11/14 8:29 p.m. | 1 views

CVE-2018-19279

PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater...

4.3 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits: 0 | References: 1
OSV
added 2018/06/07 2:29 a.m. | 2 views

CVE-2017-16115

The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds...

7.5 CVSS | 5.8 AI score | 0.01503 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2018/06/07 2:29 a.m. | 26 views

CVE-2017-16114

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...

7.5 CVSS | 7.1 AI score | 0.01758 EPSS
Exploits: 1 | References: 2
Cvelist
added 2018/06/07 2:0 a.m. | 20 views

CVE-2017-16114

The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds...

7.3 AI score | 0.01758 EPSS
Exploits: 1 | References: 2
Veracode
added 2018/04/19 7:44 a.m. | 20 views

Regular Expression Denial Of Service (ReDoS)

braces is vulnerable to Regular expression Denial of Service (ReDoS). parser.js uses regular expression ^\,+?:\,+\,|,?:\,+\,+\ to detect empty braces, consuming 10 seconds matching time for data 50K characters long...

5.3 CVSS | 5.7 AI score | 0.01363 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
HackRead
added 2018/03/22 9:32 p.m. | 50 views

Hackers leave ransom note after wiping out MongoDB in 13 seconds

By Waqas For the last couple of years, hackers have been exploiting This is a post from HackRead.com Read the original post: Hackers leave ransom note after wiping out MongoDB in 13 seconds...

7.1 AI score
Exploits: 0
OSV
added 2018/02/02 1:29 a.m. | 1 views

DEBIAN-CVE-2018-6519

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...

7.5 CVSS | 9.5 AI score | 0.01728 EPSS
Exploits: 0 | References: 1
NVD
added 2018/02/02 1:29 a.m. | 13 views

CVE-2018-6519

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...

7.5 CVSS | 7.7 AI score | 0.01728 EPSS
Exploits: 0 | References: 2
CNVD
added 2017/11/25 12:0 a.m. | 3 views

MaxAge LSA Vulnerability in OSPF Protocol of Multiple Huawei Products

Huawei AC6005 and others are products of Huawei, China. Huawei AC6005 is an access control device. CloudEngine 12800 is a data center switch device. A MaxAge LSA vulnerability exists in the OSPF protocol of multiple Huawei products. When the device receives a specific LSA message, the LS Link Statu...

7.5 CVSS | 6.7 AI score | 0.00965 EPSS
Exploits: 0 | References: 1
Nmap
added 2017/09/18 5:10 p.m. | 312 views

deluge-rpc-brute NSE Script

Performs brute force password auditing against the DelugeRPC daemon. Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation for the creds library. brute.credfile,...

10 CVSS | 0.1 AI score | 0.99448 EPSS
Exploits: 33
OSV
added 2017/07/21 2:29 p.m. | 0 views

DEBIAN-CVE-2015-5300

The panicgate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds...

7.5 CVSS | 7 AI score | 0.0896 EPSS
Exploits: 0 | References: 1
RustSec
added 2017/05/06 12:0 p.m. | 25 views

Large cookie Max-Age values can cause a denial of service

Affected versions of this crate use the time crate and the method Duration::seconds to parse the Max-Age duration cookie setting. This method will panic if the value is greater than 2^64/1000 and less than or equal to 2^64, which can result in denial of service for a client or server. This flaw w...

7.5 CVSS | 4.1 AI score | 0.01485 EPSS
Exploits: 0 | Affected Software: 1