11967 matches found
Exploit for Type Confusion in Mozilla Firefox
SpiderMonkey - CVE-2019-11707 Bug: https://bugs.chromium.org/...
Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Exploit Title: Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow SEH; Exploit Author: Bobby Cooke; Date: 2020-04-11; Vendor: Drive Software Company; Vendor Site: http://www.drive-software.com; Software Download: http://www.drive-software.com/download/freeclock.exe; Tested On:...
foebe-muenchen.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1140132. Security Researcher MajorInfluenza (helped patch 120 vulnerabilities, received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting foebe-muenchen.de website and its users. Followi...
Zen Load Balancer Directory Traversal
This module exploits an authenticated directory traversal vulnerability in Zen Load Balancer v3.10.1. The flaw exists in 'index.cgi' not properly handling 'filelog=' parameter which allows a malicious actor to load arbitrary file path. This module requires Metasploit: https://metasploit.com/downlo...
librarything.it Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1138555. Security Researcher g0bl1nsec (helped patch 3754 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting librarything.it website a...
batteryempire.co.uk Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1138239. Security Researcher Teamhash (helped patch 330 vulnerabilities, received 3 Coordinated Disclosure badges, received 2 recommendations), a holder of 3 badges for responsible and coordinated disclosure, found a security vulnerability affecting batteryempire.co.uk website...
Arbitrary Code Execution
thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
clarionlist.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1133474. Security Researcher g0bl1nsec (helped patch 3768 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting clarionlist.com website a...
AIDA64 Engineer 6.20.5300 Buffer Overflow
Exploit Title: AIDA64 Engineer - 'Report File' filename Buffer Overflow SEH; Date: 2020-04-02; Exploit Author: Hodorsec; Version: v6.20.5300; Software Link: http://download.aida64.com/aida64engineer620.exe; Vendor Homepage: https://www.aida64.com/products/aida64-engineer; Tested on: Win7 x86 SP1 - Buil...
tweaksguide.com Cross Site Scripting vulnerability
Security Researcher geeknik (helped patch 8505 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting tweaksguide.com website and its users. Following coordinat...
spaceshowertv-thediner.jp Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1126981. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
godolloimuzeum.hu Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1126311. Security Researcher g0bl1nsec (helped patch 3748 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting godolloimuzeum.hu website...
brno-jehnice.cz Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1126313. Security Researcher g0bl1nsec (helped patch 3748 vulnerabilities, received 4 Coordinated Disclosure badges, received 3 recommendations), a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting brno-jehnice.cz website a...
Open-Xchange: Use after free in smtp_server_connection_handle_command
Function smtp_server_connection_handle_command in src/lib-smtp/smtp-server-connection.c creates a variable named cmd with cmd = smtp_server_command_new(tmp_conn, cmd_name, cmd_params); It gets used with return cmd == NULL || !cmd->input_locked; i.e. cmd->input_locked dereferences the pointer. But we can get to this...
elektrobock.cz Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1121429. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Apache Tomcat from file inclusion to RCE: in-depth analysis of the exploitation principle - vulnerability warning - the black bar safety net
Article introduction: This article gives an in-depth analysis of the exploitation methods and principles of the Apache Tomcat AJP (CVE-2020-1938) file inclusion and RCE vulnerability, including reproducing the vulnerability and building the analysis environment...
CVE-2020-6582
CVE-2020-6582 affects Nagios NRPE 3.2.1 and is described in connected advisories as a heap-based buffer overflow caused by interpreting a small negative number as a large positive one during a bzero call. Mageia and Fedora/OpenVAS advisories indicate NRPE updates exist (NRPE 4.x, e.g., 4.0.2) as ...
APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT
Since the coronavirus became a worldwide health issue, the desire for more information and guidance from government and health authorities has reached a fever pitch. This is a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria—all while...
Amazon Linux AMI : php73 (ALAS-2020-1351)
The version of php73 installed on the remote host is prior to 7.3.15-1.24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1351 advisory. In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension,...
blaxakis.gr Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1117457. Security Researcher geeknik (helped patch 8803 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting blaxakis.gr website and it...