12 matches found
EUVD-2013-5409
Malware in sbrugna...
JBoss Status Servlet Information Gathering
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Status Servlet Information Gathering', 'Description' = %q This module queries the JBoss status servlet to collect sensitive information,...
slideshare.net XSS vulnerability
Open Bug Bounty ID: OBB-569839

Description| Value
---|---
Affected Website:| slideshare.net
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard:| Coordinated Disclosure base...
Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)
In the last few months, I have been testing several Trend Micro products with Steven Seeley (@steventseeley). Together, we have found more than 200+ RCE (Remote Code Execution) vulnerabilities and for the first time we presented the outcome of our research at Hack In The Box 2017 Amsterdam in April...
LinkedIn SlideShare - Customized SSL, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application LinkedIn SlideShare published at the 'play' market has multiple vulnerabilities...
CVE-2013-5569
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-5569
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-5569
The CVE-2013-5569 entry concerns the Slideshare extension 0.1.0 for TYPO3, where a SQL injection vulnerability could allow remote attackers to execute arbitrary SQL commands via unspecified vectors. The affected component is the TYPO3 Slideshare extension (version 0.1.0); the underlying root caus...
CVE-2013-5569
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: fed, myquizpoll, push2rss3ds, slideshare, wecdiscussion. Release Date: February 19, 2013. Please read first: This Collective Security Bulletin (CSB) is a listing of vulnerable extensions with neither significant...
Google Android 2.0/2.1/2.1.1 - WebKit Use-After-Free
Google Android 2.02.12.1.1 - WebKit Use-After-Free function heap var id = document.getElementById"target"; var attribute = id.getAttributeNode'id'; nodes = attribute.childNodes; document.body.removeChildid; attribute.removeChildnodes0; setTimeoutfunction for var i = 0; i 70000; i++ var s = new...