binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable
The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section...
UBUNTU-CVE-2018-18606
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF...
DEBIAN-CVE-2018-18605
A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because _bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially...
User Management Cross-Site Scripting Vulnerability
User Management is a user manager. A cross-site scripting vulnerability exists in the upload section of User Management version 1.1. A remote attacker can use this vulnerability to inject arbitrary web script or HTML...
CVE-2018-18419
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI...
Cross site scripting
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the sitename parameter to the admin/settings/update URI...
Cross site scripting
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI...
Malwoverview - Tool To Perform An Initial And Quick Triage On Either A Directory Containing Malware Samples Or A Specific Malware Sample
Malwoverview.py is a simple tool to perform an initial and quick triage on a directory containing malware samples (not zipped). This tool aims to: 1. Determine similar executable malware samples (PE/PE+) according to the import table (imphash) and group them by different colors (pay attention to the...
[SECURITY] Fedora 29 Update: elfutils-0.174-1.fc29
Elfutils is a collection of utilities, including stack (to show backtraces), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), readelf (to see the raw ELF file structures), elflint (to check for well-formed ELF file...
After importing a certificate PEM file with more than one CERTIFICATE section, you cannot access the management console
You have a PEM file which contains a PRIVATE KEY section, and more than one CERTIFICATE section. The additional CERTIFICATE sections are for other root certificate authorities. In the Management Console, you go to Settings and Configuration, and upload the certificate. Once that completes, the...
GNU Binutils Binary File Descriptor Library Denial of Service Vulnerability
GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library (a.k.a...
kohnlesoft.de XSS vulnerability
Open Bug Bounty ID: OBB-678969. Affected Website: kohnlesoft.de. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
CVE-2018-17300
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator//component/tablemanager/view/cumenus section name...
Cross site scripting
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator//component/tablemanager/view/cumenus section name...
CuppaCMS Cross-Site Scripting Vulnerability
CuppaCMS is a content management system (CMS). A cross-site scripting vulnerability exists in CuppaCMS 2018-09-03 and prior versions. A remote attacker can exploit the vulnerability by sending the 'section' parameter to the administrator//component/tablemanager/view/cumenus URL to inject malicious...
CVE-2018-16736
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the whatfilter and messages parameters in the Filters section of the settings...
Cross site scripting
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the whatfilter and messages parameters in the Filters section of the settings...
CVE-2018-0655
Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page...