5327 matches found

Prion
added 2019/07/18 3:15 a.m., 16 views

Cross site scripting

Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on...

CVSS 4.3, AI score 6.1, EPSS 0.00249
Exploits 1, References 2, Affected Software 1
OSV
added 2019/07/16 1:15 p.m., 7 views

CVE-2019-1010060

NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by...

CVSS 9.8, AI score 9
Exploits 0, References 5
Cvelist
added 2019/07/16 12:16 p.m., 18 views

CVE-2019-1010060

NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by...

AI score 9, EPSS 0.18171
Exploits 0, References 5
ThreatPost
added 2019/07/08 8:39 p.m., 39 views

GE Aviation Passwords, Source Code Exposed in Open Jenkins Server

A public Jenkins server owned by GE Aviation has exposed source code, plaintext passwords, global system configuration details and private keys from the company’s internal commercial infrastructure. GE Aviation, a subsidiary of General Electric, is among the top commercial aircraft engine...

AI score 0.1
Exploits 0, References 9
ripstech
added 2019/07/08 7:00 a.m., 88 views

RIPS 3.2: Patch Generation and New IDE Integrations

Automated Patch Generation RIPS scans your source code for critical security vulnerabilities fully automated in only a few minutes. But the most time-intensive task when securing your application is to research and to write code patches that fix all the detected security problems sufficiently...

AI score 7.3
Exploits 0
The Hacker News
added 2019/07/07 3:47 p.m., 179 views

Ubuntu-Maker Canonical's GitHub Account Gets Hacked

An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project, and created 11 new empty repositories. It appears that the cyberattack was, fortunately, just a "loud" defacement attempt rather than a "silent"...

AI score 0.5
Exploits 0
FreeBSD Advisory
added 2019/07/02 12:00 a.m., 9 views

FreeBSD-SA-19:11.cd_ioctl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:11.cd_ioctl Security Advisory The FreeBSD Project Topic: Privilege escalation in cd(4) driver Category: core Module: kernel Announced: 2019-07-02 Credits: Alex...

CVSS 9, AI score 7.2, EPSS 0.03248
Exploits 0
FreeBSD Advisory
added 2019/07/02 12:00 a.m., 10 views

FreeBSD-SA-19:09.iconv

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:09.iconv Security Advisory The FreeBSD Project Topic: iconv buffer overflow Category: core Module: libc Announced: 2019-07-02 Credits: Andrea Venturoli,...

CVSS 9.8, AI score 7.7, EPSS 0.02275
Exploits 0
NVD
added 2019/06/26 1:15 p.m., 6 views

CVE-2019-12968

A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin, EP_Versions 9 to 11 inclusive, distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to...

CVSS 5.3, AI score 5.5, EPSS 0.00997
Exploits 0, References 4
OSV
added 2019/06/26 1:15 p.m., 4 views

CVE-2019-12968

A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin, EP_Versions 9 to 11 inclusive, distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to...

CVSS 5.3, AI score 7.1
Exploits 0, References 4
CVE
added 2019/06/26 12:02 p.m., 57 views

CVE-2019-12968

CVE-2019-12968 affects the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9–11) bundled with Doomseeker 1.1/1.2. Affected plugin versions fail to discard IP packets with an unnaturally long response length from an SRB2 master server, enabling a remote attacker to trigger a potential crash or denia...

CVSS 5.3, AI score 5.4, EPSS 0.00997
Exploits 0, References 4, Affected Software 1
NVD
added 2019/06/24 7:15 p.m., 7 views

CVE-2019-9957

Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account and setting the username to an XSS payload. The stored payload c...

CVSS 5.4, AI score 5.5, EPSS 0.00157
Exploits 1, References 1
Prion
added 2019/06/24 7:15 p.m., 19 views

Cross site scripting

Stored XSS within Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account and setting the username to an XSS payload. The stored payload c...

CVSS 3.5, AI score 5.6, EPSS 0.00157
Exploits 1, References 1, Affected Software 1
OSV
added 2019/06/21 9:15 p.m., 1 view

CVE-2019-10028

Denial of Service (DoS) in Dial Reference Source Code used before June 18th, 2019...

CVSS 7.5, AI score 7.2, EPSS 0.00334
Exploits 0, References 1
NVD
added 2019/06/21 9:15 p.m., 8 views

CVE-2019-10028

Denial of Service (DoS) in Dial Reference Source Code used before June 18th, 2019...

CVSS 7.5, AI score 7.7, EPSS 0.00334
Exploits 0, References 1
Kitploit
added 2019/06/20 10:22 p.m., 238 views

URLextractor - Information Gathering and Website Reconnaissance

Information gathering & website reconnaissance. Usage: ./extractor http://www.hackthissite.org/ Tips: Colorex: put colors to the output: pip install colorex and use it like ./extractor http://www.hackthissite.org/ | colorex -g "INFO" -r "ALERT" Tldextract: is used by the dnsenumeration function: pip insta...

AI score 7.1
Exploits 0, References 1
ThreatPost
added 2019/06/05 9:23 p.m., 192 views

Buggy Phishing Kits Allow Criminals to Cannibalize Their Own

They say it’s a dog-eat-dog world out there, but in cybercrime terms, perhaps it should be called a “phish-eat-phish” situation. Researchers recently discovered that several widely used phishing kits harbor vulnerabilities that can be exploited by other criminals to hijack operations – and...

AI score 8
Exploits 0, References 3
Hacker One
added 2019/06/05 1:22 p.m., 19 views

curl: Integer overflow in the source code tool_cb_prg.c

Summary: Integer overflow in the source code tool_cb_prg.c. Steps To Reproduce: Review the source code of tool_cb_prg.c. In the function fly, pay attention to lines 80, 82, 84:

    69 static void fly(struct ProgressData *bar, bool moved)
    70 {
    71   char buf[256];
    72   int pos;
    73   int check = bar->width - 2;
    74
    75 ...

AI score 0.8
Exploits 0
EUVD
added 2019/06/03 6:47 p.m., 2 views

EUVD-2017-6225

An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public...

CVSS 9.8, AI score 9.7, EPSS 0.1025
Exploits 1, References 3
OSV
added 2019/05/31 10:29 p.m., 2 views

CVE-2019-6725

The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 2.00(AAKK.3) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin...

CVSS 9.8, AI score 7.3, EPSS 0.00436
Exploits 2, References 1