3242 matches found
KLA11905 Microsoft Advisory for Adobe Flash
Original advisories: ADV160007, APSB16-32. Related products: Adobe-Flash. CVE list. KB list: 3194343. Solution: Install necessary updates from the KB section that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel). Affected Products - Adobe Flash...
Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service
Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element...
Nextcloud: Reflected Self-XSS Vulnerability in the Comment section of Files (Different-payloads)
Note: steps mentioned in report 164027. In the Comments box, the payload to execute XSS is passed. Test Payloads: alert1 Also the above payload is still working. Also try this payload " fooalert1 Click edit comment after posted. XSS Triggers...
Nextcloud: Reflected Self-XSS Vulnerability in the Comment section of Files Information
Vulnerability found in the test domain: demo.nextcloud.com Vulnerability Type: Reflected XSS STEPS TO REPRODUCE: STEP 1: Log in to the demo Nextcloud server site using test credentials. demo.nextcloud.com STEP 2: On the All Files tab, select any file. STEP 3: A tab opens on the Right Hand side of the...
mothercare.com XSS vulnerability
Vulnerable URL: http://www.mothercare.com/clothing/newinclothing,default,sc.html?srule=""-alert'OPENBUGBOUNTY'-" Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 22:38 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
FortiManager and FortiAnalyzer Persistent XSS vulnerability
When a low privileged user uploads images in the report section, the filenames are not properly sanitized; this potentially enables stored XSS attacks...
CVE-2016-2505
mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006...
UBUNTU-CVE-2016-2505
mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006...
YetiForce CRM 3.1 - Persistent Cross-Site Scripting
YetiForce CRM 3.1 - Persistent Cross-Site Scripting Exploit Title: YetiForce CRM Accounts' select your preferred user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...
YetiForce CRM < 3.1 - Persistent Cross-Site Scripting
Exploit Title: YetiForce CRM Accounts' select your preferred user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...
YetiForce CRM < 3.1 - Persistent Cross-Site Scripting
Exploit for php platform in category web applications Exploit Title: YetiForce CRM Accounts' select your preferred user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts' 0day.today 2018-03-28...
dailynews.com XSS vulnerability
Vulnerable URL: http://www.dailynews.com/section?template= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 34813 VIP website status:| Yes Check dailynews.com SSL connection:| Grade:...
CVE-2016-5042
The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section...
CVE-2016-5043
The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section...
CVE-2016-5044
The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section...
libdwarf '_dwarf_load_section' function denial of service vulnerability
libdwarf is a set of tools for reading and writing DWARF2 debugging information. A security vulnerability exists in the '_dwarf_load_section' function of libdwarf. An attacker can exploit this vulnerability to cause a denial of service (null pointer dereference)...
Mail.ru: [sales.mail.ru] CRLF Injection
In the media section of the sales.mail.ru portal there is a redirect that strips GET parameters: GET https://sales.mail.ru/media/foo?bar 302 Moved Temporarily Location: http://sales.mail.ru/media/foo It is vulnerable to CRLF injection, which allows an attacker to inject an arbitrary header into the server response: GE...
500K Members of Hacking Forum Doxxed
An underground forum called Nulled.io that helped users share stolen credentials, software cracks, and leaked content was hacked earlier this month, spilling a glut of information, including users’ email addresses, encrypted passwords, and IP addresses, among other details. According to researche...
[SECURITY] Fedora 24 Update: binutils-2.26-18.fc24
Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object...