51 matches found
CVE-2022-44840
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function findsectioninset in file readelf.c...
USN-6204-1: CPDB vulnerability
Seth Arnold discovered that CPDB incorrectly handled certain characters. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
CVE-2023-25587
binutils: NULL pointer segmentation fault when accessing field thebfd in function comparesymbols Notes Author| Note ---|--- seth-arnold | binutils isn't safe for untrusted inputs...
sethkellerportfolio.com Cross Site Scripting vulnerability OBB-3189613
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SLOT owners lose half their value when there is no sETH deposited to the Syndicate.
Lines of code Vulnerability details Description The Syndicate contract uses total balance as collateral for both sETH accumulatedETHPerFreeFloatingShare and SLOT rewards accumulatedETHPerCollateralizedSlotPerKnot. They are updated in the following function: function updateAccruedETHPerShares publ...
CVE-2022-38126
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2021-40926
Cross-site scripting XSS vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter...
CVE-2013-2745
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0...
CVE-2019-5419
There is a possible denial of service vulnerability in Action View Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive...
Twenty Years of Network Security Monitoring: From the AFCERT to Corelight
I am really fired up to join Corelight. I’ve had to keep my involvement with the team a secret since officially starting on July 20th. Why was I so excited about this company? Let me step backwards to help explain my present situation, and forecast the future. Twenty years ago this month I joined...
MITM RDP Connections: Seth
Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops...
CVE-2018-8769
elfutils 0.170 has a buffer over-read in the ebldynamictagname function of libebl/ebldynamictagname.c because SYMTABSHNDX is unsupported...
CVE-2011-5320
scanf and related functions in glibc before 2.15 allow local users to cause a denial of service segmentation fault via a large string of 0s...
CVE-2015-1786
Cross-site request forgery CSRF vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers...
CVE-2017-6886
An error within the "parsetiffifd" function internal/dcrawcommon.cpp in LibRaw versions before 0.18.2 can be exploited to corrupt memory...
CVE-2017-5618
GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions...
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
CVE-2016-5399
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service out-of-bounds write or execute arbitrary code via a crafted bz2 archive...
CVE-2015-5332
Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service disk consumption by leveraging the guest role and entering drafts with the editor-autosave feature...
EntityBulkDelete - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-089
EntityBulkDelete module allows you to delete entities in bulk using the Batch API. The module doesn't sufficiently sanitize user supplied text in some administration pages, thereby exposing a Cross Site Scripting vulnerability. This vulnerability is mitigated by the fact that an attacker must be...