11967 matches found
CVE-2019-11147
Insufficient access control in hardware abstraction driver for MEInfo software for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0, 14.0.10; TXEInfo software for IntelR TXE before versions 3.1.70 and 4.0.20; INTEL-SA-00086 Detection Tool version 1.2.7.0 or before;...
CVE-2019-19846
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors...
Design/Logic Flaw
A missing permission check in Jenkins Alauda Kubernetes Suport Plugin 2.3.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing the Kubernetes service account token or...
ewt.cz Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1040584 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
clotildejimenez.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1039449 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
ancientscripts.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1037789 Security Researcher Sidd Helped patch 16 vulnerabilities Received 1 Coordinated Disclosure badges , a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting ancientscripts.com website and its users. Following...
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font Exploit
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=707779e0...
awesomecow.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1036304 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Open redirect
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0...
schreinerzeitung.ch Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1035844 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Microsoft Windows GDI Component CVE-2019-1465 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version 16...
About the security content of iOS 12.4.4
About the security content of iOS 12.4.4 This document describes the security content of iOS 12.4.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
usma.ru Cross Site Scripting vulnerability
Security Researcher g0bl1nsec Helped patch 3650 vulnerabilities Received 4 Coordinated Disclosure badges Received 3 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting usma.ru website and its users. Following coordinated and...
leongjin.co.th Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1034853 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Design/Logic Flaw
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute...
Exploit for Out-of-bounds Write in Google Chrome
Chrome exploit for 73.0.3683.86 --no-sandbo...
Critical Flaws in VNC Threaten Industrial Environments
The open-source Virtual Network Computing VNC project, often found in industrial environments, is plagued with 37 different memory-corruption vulnerabilities – many of which are critical in severity and some of which could result in remote code execution RCE. According to researchers at Kaspersky...
fr.unique-by-mc.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1020519 Security Researcher yassinehmimou2 Helped patch 68 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting fr.unique-by-mc.com website and its users...
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
Tested on Ubuntu 19.10, kernel "5.3.0-19-generic 20-Ubuntu". Ubuntu ships a filesystem "shiftfs" in fs/shiftfs.c in the kernel tree that doesn't exist upstream. This filesystem can be mounted from user namespaces, meaning that this is attack surface from unprivileged userspace in the default...
nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)
Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow PoC Date: 2019-10-20 Exploit Author: Guy Levin https://blog.vastart.dev Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng Software Link: https://code.google.com/archive/p/nipper-ng/source/default/source Version: 0.11.10...