CVE-2018-15855

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash NULL pointer dereference the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkbgeometry section was mishandled...

PT-2018-13245 · Xkbcommon +4 · Xkbcommon +4

Name of the Vulnerable Software and Affected Versions: xkbcommon versions prior to 0.8.1 Description: The issue arises from unchecked NULL pointer usage in the xkbcommon parser, which can be exploited by local attackers to cause a crash due to a NULL pointer dereference. This can occur when a...

Buffer overflow

An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy...

CVE-2017-14444

An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to...

CVE-2017-14445

An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to...

Important: Red Hat Security Advisory: gnupg2 security update

An update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

EFF Sues to Repeal Controversial Online Sex Trafficking FOSTA Law

The Electronic Frontier Foundation on Thursday announced it is suing to invalidate a recently passed law that is meant to fight online sex trafficking. The Allow States and Victims to Fight Online Sex Trafficking Act of 2017 FOSTA, which was passed 97-2 by Congress in March and signed into law in...

pran.nl XSS vulnerability

Open Bug Bounty ID: OBB-637653 Description| Value ---|--- Affected Website:| pran.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Optiva Framework - Web Application Scanner

You can use this Framework on your website to check the security of your website by finding the vulnerability in your website or you can use this tool to Get admin panel search SQL injection by dork As well as collecting information and encrypting Hash. Features : Infromation Modules : Port Scann...

CVE-2018-9182

Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section...

CVE-2018-9182

Twonky Server before 8.5.1 is affected by a cross‑site scripting (XSS) vulnerability exposed via a modified "language" parameter in the Language section. The issue stems from improper handling of the language parameter, enabling XSS payloads. Impact is consistent with XSS (partial integrity impac...

Cybersecurity Reference Architecture: Security for a Hybrid Enterprise

The Microsoft Cybersecurity Reference Architecture describes Microsofts cybersecurity capabilities and how they integrate with existing security architectures and capabilities. We recently updated this diagram and wanted to share a little bit about the changes and the document itself to help you...

CVE-2016-8390

An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file wi...

Out-of-bounds

An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file wi...

CVE-2016-8390

CVE-2016-8390 concerns Hopper Disassembler 3.11.20, where the ELF Section Headers parsing has an out-of-bounds write due to attacker-controlled data in the section header table. Multiple connected sources describe a vulnerability in ELF parsing that can cause memory corruption via a crafted ELF f...

PT-2018-5002 · Unknown · Hopper Disassembler

Name of the Vulnerable Software and Affected Versions: Hopper Disassembler version 3.11.20 Description: An exploitable out of bounds write issue exists in the parsing of ELF Section Headers. A specially crafted ELF file can cause attacker-controlled pointer arithmetic, resulting in a partially...

Liberapay: CSRF token manipulation in every possible form submits. NO server side Validation

Web Application is generating CSRFtoken values inside cookies which is not a best practice for web applications the revelation of cookies can reveal CSRF Tokens as well. Authenticity tokens should be kept separate from cookies and should be isolated to change operations in the account only...

PaulPrinting CMS Printing 1.0 - SQL Injection

Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any visitor can run code to exploit css and sql...

SAP NetWeaver Web Dynpro Information Disclosure

Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure Versions Affected: SAP NetWeaver 6.4 - 7.5 Vendor URL: http://SAP.com Bugs: Information disclosure Enumerate users Sent: 2016-12-15 Reported: 2016-12-15 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 23445...

ShellPop - Pop Shells Like A Master

Pop shells like a master Shell pop is all about popping shells. With this tool you can generate easy and sofisticated reverse or bind shell commands to help you during penetration tests. Don't waste more time with .txt files storing your Reverse shells! Installation Python 2.x is required. 3.0+...