CVE-2018-8754

The libevtrecordvaluesreadevent function in libevtrecordvalues.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub...

CVE-2018-8754

The libevtrecordvaluesreadevent function in libevtrecordvalues.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on GitHub...

SUSE SLES11 Security Update : augeas (SUSE-SU-2018:0653-1)

This update for augeas fixes the following issues: Security issues fixed : - CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parsename bsc1054171. - CVE-2014-8119: Fix improper handling of escaped strin...

SUSE SLED12 / SLES12 Security Update : augeas (SUSE-SU-2018:0650-1)

This update for augeas fixes the following issues: Security issue fixed : - CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parsename bsc1054171. Note that Tenable Network Security has extracted the...

March 8, 2018—KB4092077 (OS Build 15063.936)

March 8, 2018—KB4092077 OS Build 15063.936 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue where, after installing this update, some localized devices have incorrect string...

Cross site request forgery (csrf)

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which...

CVE-2018-5467

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which...

CVE-2018-5467

CVE-2018-5467 affects Belden Hirschmann Classic Platform Switches (RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, OCTOPUS all versions). It is an Information Exposure Through Query Strings in GET Request vulnerability in the web interface, potentially enabling an attacker to impersonate a legitim...

CVE-2018-5467

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which...

Regular Expression Denial Of Service (ReDoS)

marked is vulnerable to regular expression denial of service ReDoS attacks.The application takes more than linear time when scanning certain strings, resulting in a DoS...

CVE-2016-6272

XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate...

FreeBSD : irssi -- multiple vulnerabilities (7afc5e56-156d-11e8-95f2-005056925db4)

Irssi reports : Use after free when server is disconnected during netsplits. Found by Joseph Bisch. Use after free when SASL messages are received in unexpected order. Found by Joseph Bisch. NULL pointer dereference when an 'empty' nick has been observed by Irssi. Found by Joseph Bisch. When the...

openSUSE Security Update : irssi (openSUSE-2018-171)

This update for irssi fixes the following security issues : - CVE-2018-7054: Use after free when server is disconnected during netsplits - CVE-2018-7053: Use after free when SASL messages are received in unexpected order - CVE-2018-7050: NULL pointer dereference when an 'empty' nick has been...

CVE-2018-7051

An out of bound read was found in Irssi, version 0.8.7 and later, when dealing with malformed theme strings. An attacker could trigger the vulnerability by using specific nick names that could potentially cause a crash in the application...

UBUNTU-CVE-2018-7186

Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service stack-based buffer overflow or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and...

IntruderPayloads - A Collection Of Burpsuite Intruder Payloads, Fuzz Lists And File Uploads

A collection of Burpsuite Intruder payloads and fuzz lists and pentesting methodology. To pull down all 3rd party repos, run install.sh in the same directory of the IntruderPayloads folder. Author: 1N3@CrowdShield https://crowdshield.com PENTEST METHODOLOGY v2.0 BASIC PASSIVE AND ACTIVE CHECKS:...

EPIC MyChart - X-Path Injection

Exploit Title: Epic Systems Corporation MyChart X-Path Injection Google Dork: MyChart® licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software Link: N/A Version: N/A Tested o...

CVE-2018-7051

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings...

DEBIAN-CVE-2018-7051

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings...

CVE-2018-7051

An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings...