Microsoft Edge Chakra JIT Array.prototype.reverse Array Type Confusion
Microsoft Edge: Chakra: JIT: Array type confusion via Array.prototype.reverse CVE-2018-0835 This is similar to the previous issue 1457. But this time, we use Array.prototype.reverse. Array.prototype.reverse can be inlined and may invoke EnsureNonNativeArray to convert the prototype of "this" to...
CVE-2017-17552
The CVE-2017-17552 issue affects ManageEngine ADManager Plus: /LoadFrame in Zoho ManageEngine AD Manager Plus builds 6590–6613 allows URL redirection via the src parameter, bypassing CSRF protections and potentially masquerading a malicious URL as trusted. Affected versions include 6590–6613; exp...
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow /
Exploit for hardware platform in category remote exploits. Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access. Attack vector: Remote. Authentication: Anonymous (no credentials needed). Researcher:...
Updated curl packages fix security vulnerability
It was reported that reading an HTTP/2 trailer could mess up future trailers, since the stored size was one byte less than required. When accessed, the data is read out of bounds and causes either a crash or the too-large data being passed to the libcurl callback. This might lead to a...
Node.js third-party modules: [626] Path Traversal allows to read arbitrary file from remote server
Hi Guys, There is a Path Traversal vulnerability in the 626 module, which allows reading arbitrary files from the remote server. Module 626: This package exposes a directory and its children to create, read, update, and delete operations over http. https://www.npmjs.com/package/626 version: 1.1.1 Stats 0...
chakra: Heap-use-after-free in Js::LiteralStringWithPropertyStringPtr::NewFromCString
Project: https://github.com/Microsoft/ChakraCore.git Detailed report: https://oss-fuzz.com/testcase?key=4913256519958528 Project: chakra Fuzzer: jsfuzzer Job Type: asanchakra Platform Id: linux Crash Type: Heap-use-after-free READ 1 Crash Address: 0x61100000a600 Crash State:...
Fedora 27 : gcab (2018-87971e3c98)
New upstream release - This fixes the security bug known as CVE-2018-5345 - Add new API for fwupd - Do not encode timezone in generated files - Fix countless memory leaks when parsing corrupt files - Fix the calculation of the checksum on big endian machines - Switch to the Meson buildsystem Note...
MapsMarker.com e.U.: [Informational] Possible SQL Injection in inc/ajax-actions-frontend.php
At first, I thought that my finding was a valid SQL injection, but I was wrong because WordPress currently adds magic slashes to COOKIE/POST/GET - this is a very special behaviour which may be removed in the future. There are tons of requests to remove this "old" technique. Nevertheless I...
CVE-2017-12626
Apache POI in versions prior to release 3.17 is vulnerable to Denial of Service Attacks: (1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and (2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)...
mupdf/pdf_fuzzer: Use-of-uninitialized-value in fz_drop_hash_table
Project: git://git.ghostscript.com/mupdf.git Detailed report: https://oss-fuzz.com/testcase?key=5184754354749440 Project: mupdf Fuzzer: libFuzzermupdfpdffuzzer Fuzz target binary: pdffuzzer Job Type: libfuzzermsanmupdf Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash...
Buffer overflow
Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713...
CVE-2018-1000003
CVE-2018-1000003 affects the DNSSEC validation component of PowerDNS Recursor (version 4.1.0). The root cause is improper input validation in the DNSSEC validators, enabling a network attacker in a man-in-the-middle position to replay packets and cause the existence of some DNS data to be denied ...
duontax.co.kr XSS vulnerability
Open Bug Bounty ID: OBB-524157

Description | Value
---|---
Affected Website: | duontax.co.kr
Open Bug Bounty Program: | Not created yet
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Disclosu...
Fedora 27 : FlightGear (2017-45beeef896)
This update fixes a security bug in the FGLogger subsystem, to prevent it from overwriting arbitrary files the user has write access to (CVE-2017-13709). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Open-Xchange: [XSS/CSRF] filter content-type bypass in Files
Hi. I found a trick to inject any content-type for files. If the content-type contains a comma, then browsers (Chrome, Firefox) skip the content-type before the comma, e.g.: any, text/html -> text/html. Upload any html/xml/svg/swf without extension (F253137) and update the mimetype: - "file":"filemimetype":"t,text/html" -...
Microsoft Edge Chakra JIT BackwardPass::RemoveEmptyLoopAfterMemOp Failed Insert
Microsoft Edge: Chakra: JIT: BackwardPass::RemoveEmptyLoopAfterMemOp doesn't insert branches. CVE-2017-11909 The optimizations for memory operations may leave empty loops as follows: `for (let i = 0; i < arr.length; i++) arr[i] = 0;` Becomes: `Memset(arr, 0, arr.length); for (let i = 0; i < arr.length; i++) //`...
pt.tezenis.com XSS vulnerability
Open Bug Bounty ID: OBB-500466

Description | Value
---|---
Affected Website: | pt.tezenis.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Disclosure Standard: | Coordinated Disclosure base...
Mavenlink: Users email can be changed without verification
A user api endpoint that accepts updates for user profile information also accepts an email address field. The researcher found a bug where a previously verified email address could be updated via this endpoint but would not be marked as unverified. This endpoint still accepts email address chang...
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
CVE-2017-1000423
b2evolution versions 6.6.0 - 6.8.10 are vulnerable to an input validation flaw (backslash and single quote escape) in the basic install functionality, resulting in an unauthenticated attacker gaining PHP code execution on the victim's setup...