The vulnerability of the AppCache mechanism in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a perpetrator to perform domain substitution.
The vulnerability of the AppCache mechanism in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to defects in the Application Cache system’s functionality. Exploiting this vulnerability allows a malicious actor to replace domains using the “FALLBACK”...
fanfics.me XSS vulnerability
Open Bug Bounty ID: OBB-554203

Description | Value
---|---
Affected Website: | fanfics.me
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
UBUNTU-CVE-2018-6543
In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...
DEBIAN-CVE-2018-6543
In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...
ALPINE-CVE-2018-6543
In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section in objdump.c, which results in malloc with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact...
After Section 702 Reauthorization
For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We've just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of U...
Qualys Cloud Suite 8.12 New Features
This new release of the Qualys Cloud Suite, version 8.12 adds new reporting options for the PC Report, allowing you to include new summaries in the remediation section of the report for control failures. Feature Highlights Qualys Policy Compliance PC/SCAP PC Report: Failure Summary Section – You...
The vulnerability of the ap_limit_section function in the Apache HTTP Server’s httpd daemon allows a hacker to gain access to data from the process’s memory.
The vulnerability of the ap_limit_section function in the Apache HTTP Server’s httpd daemon is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to access data from the process’s memory through a specially crafted HTTP request...
Opponents Vow to Continue the Fight after Trump Reauthorizes Domestic Spying Law
A controversial U.S. legal framework concerning domestic surveillance is poised to live on for another six years, but opponents say they plan to continue the fight. In a widely expected move, President Donald Trump signed the bill one day after the Senate approved it in a 65-34 vote. At issue is...
Online Ticket Booking Cross-Site Scripting Vulnerability (CNVD-2018-01215)
Advanced Real Estate Script is a ready-made real estate website script. Online Ticket Booking is one of the online booking systems. A cross-site scripting vulnerability exists in Online Ticket Booking in Advanced Real Estate Script. The vulnerability can be exploited to conduct cross-site scriptin...
Clooud 1.4.0 Shell Upload
| Title : Clooud v1.4.0 - Premium Media Sharing Script unrestricted file upload Vulnerability |
| Author : indoushka |
| email : [email protected] |
| Tested on : windows 10 Français...
StivaSoft PHPJabbers File Sharing Script Cross-Site Scripting Vulnerability
StivaSoft PHPJabbers File Sharing Script is a set of online file sharing scripts from the Bulgarian company StivaSoft. A cross-site scripting vulnerability exists in the comments section of StivaSoft PHPJabbers File Sharing Script. A remote attacker can exploit this vulnerability to inject...
CVE-2017-12813
PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section...
CVE-2017-17868
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag...
Liferay Portal tags section cross-site scripting vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses EJB as well as JMS and other technologies, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network and so on. A cross-site scripting vulnerability exists ...
WP Site Protect 1.0 - Cross-Site Scripting (XSS)
The wp-site-protect plugin protects access to a WordPress website with a global password. Passwords can be randomly generated or manually set. The "password" field is not properly sanitized, allowing XSS in different views of the plugin in the administration section. It seems that the...
KLA11160 Obsolete Adobe Flash Player for Windows
A remote code execution vulnerability was found in Adobe Flash Player. This vulnerability can be exploited via a specially designed webpage to execute arbitrary code. Original advisories ADV170022 Related products Microsoft-Windows CVE list KB list 4053577 Solution Install necessary updates from...
Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions
A team of security researchers has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. Dubbed Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function an...
GNU Binutils Denial of Service Vulnerability (CNVD-2017-36676)
GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in the load_debug_section function in readelf.c in GNU Binutils 2.29.1. A remote attacker could exploit this...
UBUNTU-CVE-2017-17121
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the...