1779 matches found
Basecamp: Remote code execution on Basecamp.com
A critical flaw in Basecamp's profile image upload function leads to remote command execution. Images are converted on the server side, but not only image files but also PostScript/EPS files are accepted if renamed to .gif. This is probably due to ImageMagick / GraphicsMagick being used for image...
events.bucknell.edu XSS vulnerability
Open Bug Bounty ID: OBB-628424 Description| Value ---|--- Affected Website:| events.bucknell.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. Title: WebKitGTK+ win = window.open"sleeponesecond.php...
CVE-2018-11646
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash...
SUSE-SU-2018:1482-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update main focus is a regression fix in SystemV IPC handling. bsc1093600 The following non-security bugs were fixed: - Drop cBPF SSBD as classic BPF does not really have a proper concept of pointer...
api.dar.fm XSS vulnerability
Open Bug Bounty ID: OBB-624753 Description| Value ---|--- Affected Website:| api.dar.fm Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
poppler/pdf_fuzzer: Index-out-of-bounds in BaseCryptStream::BaseCryptStream
Project: https://anongit.freedesktop.org/git/poppler/poppler.git Detailed report: https://oss-fuzz.com/testcase?key=4785085529194496 Project: poppler Fuzzer: libFuzzerpopplerpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzerubsanpoppler Platform Id: linux Crash Type: Index-out-of-bounds...
kernel security and bug fix update
2.6.32-696.30.1.OL6 - Update genkey bug 25599697 2.6.32-696.30.1 - x86 x86/kvm: fix CPUID7EDX word 18 mask Jan Stancek 1566893 1566899 CVE-2018-3639 2.6.32-696.29.1 - x86 x86/specctrl: Fix late microcode problem with AMD Waiman Long 1566893 1566899 CVE-2018-3639 - x86 x86/specctrl: Clean up entry...
Node.js third-party modules: [statics-server] XSS via injected iframe in file name when statics-server displays directory index in the browser
Hi Team, I would like to report HTML Injection in statics-server module. It is possible to inject malicious iframe tag via filename and execute arbitray JavaScript code. Module module name: statics-server version: 0.0.9 npm page: https://www.npmjs.com/package/statics-server Module Description npm...
A Salesmans Code Execution: PrestaShop 1.7.2.4
The Impact With more than 270,000 running instances, PrestaShop it is one of the top 10 most used content management systems in the Web. Additionally to the classical software download, PrestaShop Ready offers to rent an online shop and to get administrative access to pre-hosted PrestaShop...
Trello: Websocket response message disclose existence of Organization ID or Board ID
I found that websocket response message can reaveal existence of ID of organization or board It is up and running in other domain. PoC ==================== connect websocket. var ws = new WebSocket"wss://trello.com/1/Session/socket?token="; ws.open = functionevent console.log''; ws.onmessage =...
Design/Logic Flaw
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format ARF files could allow an unauthenticated, remote attacker to execute arbitrary code on the system of a targeted user. An attacker could exploit this vulnerability by sending the user a link or email attachme...
vakantieland.nl XSS vulnerability
Open Bug Bounty ID: OBB-608949 Description| Value ---|--- Affected Website:| vakantieland.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Chrome V8 JIT - Arrow Function Scope Fixing Bug
Chrome V8 JIT - Arrow Function Scope Fixing Bug / When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first...
Sandcat Browser 6.0 - Pentest And Developer-Oriented Web Browser
Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...
CVE-2018-2864
CVE-2018-2864 affects Oracle E-Business Suite, specifically the Oracle Application Object Library diagnostics component. Affected versions are 12.1.3 and 12.2.3–12.2.7. The vulnerability allows an unauthenticated, network-accessing attacker over HTTP to read a subset of Oracle Application Object ...
CVE-2017-0364
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link...
Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion
/ I think this commit has introduced the bug: https://chromium.googlesource.com/v8/v8.git/+/9884bc5dee488bf206655f07b8a487afef4ded9b Reduction LoadElimination::ReduceTransitionElementsKindNode node ... if objectmaps.containsZoneHandleSetsourcemap objectmaps.removesourcemap, zone;...
CVE-2018-9327
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...
Node.js third-party modules: npm packages that overlap with core node packages
Hi, I have posted here, but I wanted to make you aware of this easy social engineering trick. I do not want to claim any of these are currently malicious, but it they easily could be. Thanks, Marc Impact The attacker could do anything...use the postinstall as the user, work the same as steal data...