11967 matches found
CVE-2017-4596
...
CVE-2017-4686
CVE-2017-4686 is rejected/not used and does not represent an active vulnerability entry.
CVE-2017-4678
...
CVE-2017-4556
...
CVE-2017-4200
...
CVE-2017-4873
...
CVE-2017-4184
...
CVE-2017-4341
CVE-2017-4341 is rejected and not used per the Initial Description.
CVE-2018-1000103
CVE-2018-1000103 is rejected/not used; please reference CVE-2018-1000068 instead.
Solaris 10 (x86) : 125720-66
X11 6.8.0_x86: Xorg server patch. Date this patch was last updated by Sun : Jul/13/15 #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
Solaris 10 (sparc) : 122911-34
SunOS 5.10: Apache 1.3 Patch. Date this patch was last updated by Sun : Jul/13/15 #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
CVE-2017-9975
...
Transmission - Integer Overflows Parsing Torrent Files
I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the tr_new/tr_new0 allocation wrappers don't handle overflow. #define tr_new(struct_type, n_structs) \ ((struct_type *) tr_malloc (sizeof (struct_type)...
USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online
In October 2017, KrebsOnSecurity warned that ne'er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could...
beiphone.it XSS vulnerability
Open Bug Bounty ID: OBB-566489
Description | Value
---|---
Affected Website: | beiphone.it
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks
It’s early in 2018 and we have already witnessed one of the top contenders in this year’s web application attacks. Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code...
Starbucks: Able to purchase a gift card with any amount
Description: There is a vulnerability in card.starbucks.com.sg that allows an attacker to modify the purchasing value of a Starbucks gift card such that he is paying the minimum amount for the maximum value of the gift card. Attack Summary: An attacker is able to pay $0.01 for a $100 gift card and...
Microsoft Edge Chakra JIT - Memory Corruption Exploit
Exploit for windows platform in category dos / poc / Let's consider the following example code. function opt let arr = ; return arr'x'; // Optimize the "opt" function. for let i = 0; i inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall //...
tr.investing.com XSS vulnerability
Open Bug Bounty ID: OBB-556884
Description | Value
---|---
Affected Website: | tr.investing.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
chakra: Crash in Js::JavascriptPromise::ResolveHelper
Project: https://github.com/Microsoft/ChakraCore.git Detailed report: https://oss-fuzz.com/testcase?key=5295096997085184 Project: chakra Fuzzer: jsfuzzer Job Type: asanchakra Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7f1789a671a0 Crash State: Js::JavascriptPromise::ResolveHelpe...