
11967 matches found

Openbugbounty
added 2017/06/11 1:53 a.m., 25 views

img.jpg4.net XSS vulnerability

Vulnerable URL: http://img.jpg4.net/...

AI score: 6.9
Exploits: 0

Prion
added 2017/06/09 4:29 p.m., 13 views

Design/Logic Flaw

Use-after-free vulnerability in H2O allows remote attackers to cause a denial of service (DoS) or obtain server certificate private keys and possibly other information...

CVSS: 6.4 | AI score: 7.2 | EPSS: 0.02184
Exploits: 0 | References: 3 | Affected Software: 1

seebug.org
added 2017/06/06 12:0 a.m., 23 views

WebKit: UXSS via Document::prepareForDestruction and CachedFrame

WebKit: UXSS via Document::prepareForDestruction and CachedFrame Here's a snippet of Document::prepareForDestruction void Document::prepareForDestruction if mhasPreparedForDestruction return; ... detachFromFrame; mhasPreparedForDestruction = true; Document::prepareForDestruction is called on the...

AI score: 6.8
Exploits: 0

ossfuzz
added 2017/06/01 9:45 a.m., 11 views

gdal: Index-out-of-bounds in NTFFileReader::GetNextIndexedRecordGroup

Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=4834117231312896 Project: gdal Fuzzer: libFuzzergdalogrfilesystemfuzzer Fuzz target binary: ogrfilesystemfuzzer Job Type: libfuzzerubsangdal Platform Id: linux Crash Type: Index-out-of-bounds Crash...

AI score: 6.8
Exploits: 0 | Affected Software: 1

Exploit DB
added 2017/06/01 12:0 a.m., 51 views

WebKit JSC - Incorrect Check in emitPutDerivedConstructorToArrowFunctionContextScope

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1173 When a super expression is used in an arrow function, the following code, which generates bytecode, is called. if needsToUpdateArrowFunctionContext && !codeBlock-isArrowFunction bool canReuseLexicalEnvironment =...

AI score: 7.4
Exploits: 0

Openbugbounty
added 2017/05/30 3:15 p.m., 11 views

danfessler.com XSS vulnerability

Vulnerable URL: http://danfessler.com/blog.php?id=%3Csvg/onload=alert/OPENBUGBOUNTY/ Details: Description| Value ---|--- Patched:| Yes, at 26.11.2017 Latest check for patch:| 26.11.2017 14:33 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1786954 VIP website...

AI score: 6.3
Exploits: 0

Tenable Nessus
added 2017/05/30 12:0 a.m., 1914 views

OS Identification and Installed Software Enumeration over SSH v2 (Using New SSH Library)

Nessus was able to login to the remote host using SSH or local commands and extract the list of installed packages. TRUSTED...

AI score: 5.9
Exploits: 0

Exploit DB
added 2017/05/30 12:0 a.m., 77 views

TiEmu 2.08 - Local Buffer Overflow

!/usr/bin/python Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Developed using Exploit Pack - http://exploitpack.com - Tested on: Windows 7 32 bits Description: TiEmu Texas Instrument Emulator 2.08 and prior is prone to a stack-based buffer overflow vulnerability because the...

AI score: 7.4
Exploits: 0

seebug.org
added 2017/05/27 12:0 a.m., 32 views

Apple iOS / MacOS NSKeyedArchiver Heap Corruption(CVE-2017-2524)

Using lldb inside a simple helloworld app for iOS we can see that there are over 600 classes which we could get deserialized for persistence for example. The TextInput framework which is loaded has a class TIKeyboardLayout. The initWithCoder: implementation has this code: this is the x86 code, th...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.06725
Exploits: 3

Openbugbounty
added 2017/05/26 5:7 a.m., 9 views

motel-listings.com XSS vulnerability

Vulnerable URL: http://www.motel-listings.com/Index.asp?Country=PH%22%27--!%3E%3CScript%20/K/%3Econfirm'OPENBUGBOUNTY'%3C/Script%20/K/%3E==Mandaue=404222 Details: Description| Value ---|--- Patched:| Yes, at 29.07.2017 Latest check for patch:| 29.07.2017 19:27 GMT Vulnerability type:| XSS...

AI score: 6.3
Exploits: 0

Tenable Nessus
added 2017/05/23 12:0 a.m., 31 views

WordPress < 4.7.5 Multiple Vulnerabilities

Binary data 700121.prm...

CVSS: 8.6 | AI score: 7.6 | EPSS: 0.04079
Exploits: 0 | References: 7

Exploit DB
added 2017/05/21 12:0 a.m., 135 views

PlaySMS 1.4 - 'import.php' Remote Code Execution

Exploit Title: PlaySMS 1.4 Remote Code Execution using Phonebook import Function in import.php Date: 21-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website: http://touhidshaikh.com/ Category: webapps ...

AI score: 7.4
Exploits: 0

Cvelist
added 2017/05/16 8:0 p.m., 9 views

CVE-2012-3545

...

Exploits: 0

Apple
added 2017/05/15 12:0 a.m., 36 views

About the security content of iCloud for Windows 6.2.1

About the security content of iCloud for Windows 6.2.1 This document describes the security content of iCloud for Windows 6.2.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

CVSS: 8.8 | AI score: 9 | EPSS: 0.01621
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2017/05/11 2:30 p.m., 4 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none...

AI score: 7.1
Exploits: 0

Prion
added 2017/05/11 2:30 p.m., 5 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none...

AI score: 7.1
Exploits: 0

Prion
added 2017/05/11 2:30 p.m., 2 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none...

AI score: 7.1
Exploits: 0

Prion
added 2017/05/11 2:30 p.m., 4 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none...

AI score: 7.1
Exploits: 0

Prion
added 2017/05/11 2:30 p.m., 8 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none...

AI score: 7.1
Exploits: 0

Prion
added 2017/05/11 2:30 p.m., 8 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none...

AI score: 7.1
Exploits: 0