5327 matches found
CVE-2018-13378
An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code...
[SECURITY] Fedora 29 Update: checkstyle-8.0-4.1.fc29
A tool for checking Java source code for adherence to a set of rules...
Fedora Update for checkstyle FEDORA-2019-a3f67e2364
The remote host is missing an update for the...
[SECURITY] Fedora 28 Update: checkstyle-8.0-4.1.fc28
A tool for checking Java source code for adherence to a set of rules...
Magento 2 SQL Injection
SQL Injection vulnerability in Magento 2 Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...
NSA Releases GHIDRA Source Code — Free Reverse Engineering Tool
Update 4/4/2019 — Great news. NSA today finally released the complete source code for GHIDRA version 9.0.2, which is now available on its GitHub repository. GHIDRA is the agency's home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade t...
Mail.ru: Source code disclosure
PHP configuration file was available for download on a few terrhq.ru subdomains...
FortiSIEM LDAP server password reflected in admin portal
An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist XSS, social engineering, pro...
CVE-2017-18365
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...
Deserialization of untrusted data
The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in the product's source code. By sending a...
Fat Free CRM 0.19.0 - HTML Injection
Exploit Title: Fat Free CRM v0.19.0 - HTML Injection Date: 2019-03-20 Exploit Author: Ismail Tasdelen Vendor Homepage: http://www.fatfreecrm.com/ Source Code : https://github.com/fatfreecrm Software : Fat Free CRM Product Version: v0.19.0 Vulnerability Type : Code Injection Vulnerability : HTML...
i-doit 1.12 - qr.php Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: i-doit 1.12 Cross Site Scripting on qr.php file Software Link: https://www.i-doit.org/ Version: 1.12 Exploit Author: BlackFog Team Contact: email protected Website: https://securelayer7.net Category: webapps Tested on: Firefox i...
Confluence File Disclosure
File disclosure vulnerability in Confluence widget connector macro Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Authentication flaw
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. After successful authentication, the device sends an authentication cookie to the end user such that they can access the device's web administration panel. This token is hard-coded to a string in the source code...
Bold CMS 3.6.4 Cross Site Scripting
Exploit Title: Bold CMS - 3.6.4 - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bold CMS - v 3.6.4 Version : v 3.6.4 Vulnerability Type : Cross-site Scripting Vulnerability : Stored X...
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads
Through fuzzing of network capture .pcap files, we have identified 16 crashes with unique stack traces in tcpdump. These crashes are caused by heap-based out-of-bounds memory reads, and can be reproduced with the latest tcpdump source code from GitHub, compiled with AddressSanitizer: --- cut --- ...
Router exploitation of the Stack Overflow entry II-vulnerability warning-the black bar safety net
Foreword: Finally, while learning the MIPS vulnerability discovery process, a good practice target platform turned up: The Damn Vulnerable Router Firmware Project. Project address: https://github.com/praetorian-inc/DVRF The goal of this project is to simulate a real world environment to help people learn about other C...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...
IBM Content Navigator Information Disclosure Vulnerability
IBM Content Navigator is a Web client from IBM USA. The product supports searching and processing documents stored in content servers from a Web browser. A security vulnerability exists in IBM Content Navigator version 2.0.3 and 3.0CD, which originates from the program's use of a public key store...