CVE-2017-13710
The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small...
GNU Binutils 'bfd_make_section_with_flag' function null pointer dereference vulnerability
GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...
RedHat Update for glibc RHSA-2017:1916-01
The remote host is missing an update for the...
VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation Exploit
Exploit for windows platform in category local exploits
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1296
VirtualBox: Windows Process DLL UNC Path Signature Bypass EoP
Platform: VirtualBox v5.1.22 r115126 x64 (Tested on Windows 10)
Class: Elevation of Privilege
Summary: The...
VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1296
VirtualBox: Windows Process DLL UNC Path Signature Bypass EoP
Platform: VirtualBox v5.1.22 r115126 x64 (Tested on Windows 10)
Class: Elevation of Privilege
Summary: The process hardening implemented by the VirtualBox driver can ...
Trickbot Trojan Malware Morphs, Now Targets U.S. Banks
The Trickbot banking Trojan is now targeting U.S. banks in new spam campaigns fueled by the prolific Necurs botnet. The malware has grown more potent with the introduction of a customized redirection method as part of its attacks. IBM X-Force and Flashpoint both recently spotted new Trickbot...
Task Manager Pro <= 1.3.1 - Authenticated Cross-Site Scripting (XSS)
Multiple authenticated XSS vulnerabilities found logged as a low privileged user. PoC Authenticated Stored XSS: Logged as a follower, the lowest privileged user. Write the payload in the 'Add a comment' section Authenticated Reflected XSS On task-edit, task-details, project-details pages:...
shafa.ua XSS vulnerability
Vulnerable URL: https://shafa.ua/women?searchtext=aa%22%22%3E%3C/script%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 09.10.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 14086
VIP website...
Cross site scripting
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable...
CVE-2017-11181
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable...
CVE-2017-11182
Rise Ultimate Project Manager v1.8 contains cross-site scripting (XSS) vulnerabilities in the My Profile input fields. All input fields are vulnerable, enabling injection of arbitrary script/HTML. The CVE notes an XSS issue but does not provide exploitation status, impact depth beyond the stated ...
CVE-2017-11181
Rise Ultimate Project Manager v1.8 contains a cross-site scripting (XSS) vulnerability in the Messaging section, specifically the Subject and Message fields. The CNVD entry indicates this can be exploited remotely by injecting arbitrary web script or HTML. No remediation details are provided in t...
interio.ch XSS vulnerability
Vulnerable URL: https://www.interio.ch/de/sale/schlafen.catp/150.0550.0

Details:

Description| Value
---|---
Patched:| Yes, at 17.10.2017
Latest check for patch:| 17.10.2017 21:57 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 151104
VIP website status:| No
Chec...
usatt.net XSS vulnerability
Vulnerable URL: http://www.usatt.net/history/rating/History/Tresult.asp?Blow=1"...
CVE-2017-9778
GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB...
UPM - "Most used" section on the start menu not populated correctly
The "Most Used" section in the Start menu is not populated correctly in the user profile when logging on to Windows 8 / Windows 10 / Windows server 2012 VDA...
precisionboatworks.com XSS vulnerability
Vulnerable URL: http://www.precisionboatworks.com/parts/parts.php?boat=1"...
KLA11844 OSI vulnerability in Microsoft Windows
An information disclosure vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to obtain sensitive information.
Original advisories: CVE-2017-8554
Related products: Microsoft-Windows-Server-2012, Microsoft-Windows-8, Microsoft-Windows-7...
specialtyequipment.com XSS vulnerability
Vulnerable URL: http://www.specialtyequipment.com/section.asp?product=Conveyors=1/-///'/"//--...