Hashcat v4.2.1 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 200 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and OSX, and has facilities to help enable...

glib/fuzz_variant_text: Heap-buffer-overflow in token_stream_prepare

Project: https://gitlab.gnome.org/GNOME/glib.git Detailed report: https://oss-fuzz.com/testcase?key=5966373363646464 Project: glib Fuzzer: libFuzzerglibfuzzvarianttext Fuzz target binary: fuzzvarianttext Job Type: libfuzzerasanglib Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash...

Code injection

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "math xlink:href=" attack...

Discourse Detection (HTTP)

HTTP based detection of Discourse. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108454";...

CVE-2016-9254

...

CVE-2016-9246

...

CleanMyMac3 Local Privilege Escalation

CleanMyMac3 installs a rooted helper com.macpaw.CleanMyMac3.Agent, and its XPC interface does not validate anything. In CMPrivilegedOperationprotocol, there are actually more than one way to execute privileged code. The most straight forward one is to use periodic: void cdecl...

newrivermoaa.org XSS vulnerability

Open Bug Bounty ID: OBB-649593 Description| Value ---|--- Affected Website:| newrivermoaa.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2011-4892

...

macOSiOS - JavaScript Injection Bug in OfficeImporter

macOSiOS - JavaScript Injection Bug in OfficeImporter QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it uses to show office files is quite interesting. First it parses the office file and converts it to HTML code...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

In Bootstrap, XSS is possible in the collapse data-parent attribute...

[SECURITY] Fedora 28 Update: kernel-4.17.4-200.fc28

The kernel meta package...

JavaScript Core - Arbitrary Code Execution

// Load Int library, thanks saelo! load'util.js'; load'int64.js'; // Helpers to convert from float to in a few random places var conva = new ArrayBuffer8; var convf = new Float64Arrayconva; var convi = new Uint32Arrayconva; var convi8 = new Uint8Arrayconva; var floatarrmagic = new...

Integer overflow

The mintToken function of a smart contract implementation for Deploy, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

udon-kurayoshi.com XSS vulnerability

Open Bug Bounty ID: OBB-642785 Description| Value ---|--- Affected Website:| udon-kurayoshi.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Integer overflow

The mintToken function of a smart contract implementation for IMM Coin IMC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

[SECURITY] Fedora 28 Update: standard-test-roles-2.14-1.fc28

Shared Ansible roles to support the Standard Test Interface as described at https://fedoraproject.org/wiki/Changes/InvokingTestsAnsible...

wetboek-online.nl XSS vulnerability

Open Bug Bounty ID: OBB-639122 Description| Value ---|--- Affected Website:| wetboek-online.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Microsoft Windows: Turn off toast notifications on the lock screen

This test checks the setting for policy OpenVAS Vulnerability Test $Id: wintoastlockscreen.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Turn off toast notifications on the lock screen users listed in HKU Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2017-1382)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin:...