94 matches found
CVE-2019-13309
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c...
CVE-2019-9846
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection...
CVE-2019-9139
DaviewIndy 8.98.7 and earlier versions have an integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this for arbitrary code execution...
rockmaplenursery.com XSS vulnerability
Open Bug Bounty ID: OBB-719632. Affected Website: rockmaplenursery.com; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: hidden until disclosure; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: ...
RATELIMITED: Cross Site Request Forgery in auth in https://auth.ratelimited.me/
Hi there, I found a vulnerable POST that an attacker can use to execute CSRF against the victim. Steps to reproduce: 1. Log into your account and, with Burp on intercept, capture the update-profile request. csrf1.jpg 2. Send the POST request to the CSRF PoC generator and alter the details. history.pushState'',...
CVE-2018-11995
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a partition name-check variable is not reset for every iteration, which may cause improper termination in the META image...
email.windstreambusiness.com XSS vulnerability
Open Bug Bounty ID: OBB-695765. Affected Website: email.windstreambusiness.com; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
CVE-2018-13680
The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
edificio-saojoao2.empreendimentos.com.pt XSS vulnerability
Open Bug Bounty ID: OBB-629206. Affected Website: edificio-saojoao2.empreendimentos.com.pt; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3...
CVE-2018-11578
GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault...
203.142.76.24 XSS vulnerability
Open Bug Bounty ID: OBB-483726. Affected Website: 203.142.76.24; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; Disclosure Standard: Coordinated Disclosure based...
Concrete CMS: Stored XSS on Add Calendar
Greetings, There is no soup like crayons soup with vegetables. Hello @Concrete5 Team. Like my last report 300532, I found another Stored XSS vulnerability in your nice CMS. If you don't mind, I will omit what Stored XSS is and its description; hope everything is fine on your side about that :. The...
stpaulsbarton.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-215081. Affected Website: stpaulsbarton.co.uk; Open Bug Bounty Program: Create your bounty program now. It's open and free; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
CVE-2016-7793
sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL...
CVE-2016-1248
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...
U.S. Dept Of Defense: Local File Inclusion vulnerability on an Army system allows downloading local files
A misconfigured Army website may have allowed unauthorized users to remotely download local files, potentially revealing sensitive system or user information. Nahamsec was able to demonstrate this vulnerability by crafting a particularly formatted URL. Thanks Nahamsec!...
progressiverecruitment.com XSS vulnerability
Vulnerable URL: http://www.progressiverecruitment.com/nl/job-search. Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 357389; VIP website status: No; Check progressiverecruitment.com S...
payara -- Multiple vulnerabilities
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution. Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Administration. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability...
johnsoncontrols.no XSS vulnerability
Vulnerable URL: http://www.johnsoncontrols.no/content/no/no/search.html?q=%22%3E%3Cscript%3Ealert%28%22XSSPOSED%22%29%3C%2Fscript%3E. Details: Patched: Yes, at 30.01.2016; Latest check for patch: 30.01.2016 23:25 GMT; Vulnerability type: XSS; Vulnerability status: ...
community.appnext.com XSS vulnerability
Vulnerable URL: http://community.appnext.com/outgoing?url=%3Csvg%20onload=confirm%28/XSSPOSED/%29%3E. Details: Patched: Yes, at 07.04.2016; Latest check for patch: 07.04.2016 02:22 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknow...