dukascopy.com XSS vulnerability

Vulnerable URL: https://www.dukascopy.com/fxcomm/login/?clearredirect=mcurietribute"=1 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 31006 VIP website status:| Yes Coordinated Disclosure Timeline: Description|...

Disassembler and Runtime Analysis

This post was authored by Paul Rascagneres.IntroductionIn the CCleaner 64bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of "Symantec Endpoint". This file is named EFACli64.dll. The modification is performed in the runtime...

Hopper Disassembler ELF Section Header Size Code Execution Vulnerability(CVE-2016-8390)

Summary An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with...

lionbrand.com XSS vulnerability

Vulnerable URL: http://www.lionbrand.com/clearance?delid=%22%3E%3Csvg/onload=alert%27OPENBUGBOUNTY%27%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 08.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 67194 VIP website status:| N...

file: Stack-based buffer overflow

Background file is a utility that guesses a file format by scanning binary data for patterns. Description An issue discovered in file allows attackers to write 20 bytes to the stack buffer via a specially crafted .notes section. Impact A remote attacker, by using a specially crafted .notes sectio...

cms.schoolcenter.com XSS vulnerability

Open Bug Bounty ID: OBB-323721 Description| Value ---|--- Affected Website:| cms.schoolcenter.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Malware Triage Tool: pftriage

pftriage is a tool to help analyze files during malware triage. It allows an analyst to quickly view and extract properties of a file to help during the triage process. The tool also has an analyze function which can detect common malicious indicators used by malware. Dependencies pefile filemagi...

Stored Cross-Site Scripting Vulnerability in Palm QC App

Palm Qingcheng app is a smartphone-based city travel information query software. A stored cross-site scripting vulnerability exists in the "Feedback" section of the app. An attacker can insert malicious js code into the page to obtain user cookies and other information, resulting in user hijackin...

Stored Cross-Site Scripting Vulnerability in Mythical Doctor App

The Mythical Doctor app is a leading doctor-patient type tool in the field of mobile health, dedicated to helping you build an online communication service between you and your doctor, and providing you with medicines to your home. A stored cross-site scripting vulnerability exists in the...

Stored Cross-Site Scripting Vulnerability in Hulu 3 Floor App

Hulu Man 3F APP is a player exchange community platform launched by Guangzhou Manju Network Technology Co. A stored cross-site scripting vulnerability exists in the "Feedback" section of Hulu Man 3F APP. An attacker can insert malicious js code into the page to obtain user cookies and other...

CVE-2017-14398

rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection...

The vulnerability of the ReadOneMNGImage function in the console-based ImageMagick graphics editor allows a hacker to perform read operations beyond the memory limit.

The vulnerability of the ReadOneMNGImage function in the coder/png.c file of the console image editing tool ImageMagick arises from reading data beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to read data beyond the memory limit of the MNG CLIP section...

DEDECMS member center code submit defects can getshell

Preface : dedecms this year to update a lot of patches,the present article selected 20170315 patch for learning and research. Body: From the official website to download DEDECMS 20170315 patch using DIFF comparison tools for comparison: See the Red part, the servermsg1 variables appearing in dede...

DEBIAN-CVE-2017-14129

The readsection function in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service parsecompunit heap-based buffer over-read and application crash via a crafted ELF file...

CVE-2017-13757

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to elfi386getsyntheticsymtab...

CVE-2017-13757

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to elfi386getsyntheticsymtab...

CVE-2017-13757

The Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to elfi386getsyntheticsymtab...

CVE-2017-13710

The setupgroup function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a group section that is too small...

UBUNTU-CVE-2017-13710

The setupgroup function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a group section that is too small...

DEBIAN-CVE-2017-13710

The setupgroup function in elf.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a group section that is too small...