2204 matches found
Code injection
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most...
CVE-2017-13092 The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle
The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property IP, as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most...
XSS Vulnerability in Code Block Macro
h3. Summary There appears to be an XSS vulnerability when using the powershell syntax from within the Confluence Code Block Macro h3. Environment Confluence 6.6.6 h3. Steps to Reproduce Create a test page add macros code block select language=powershell enter...
BST (Binary String Toolkit) - Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs
The Binary String Toolkit or BST for short is a rather simple utility to convert binary strings to various formats suitable for later inclusions in source codes, such as those used to develop exploits in the security field. Features Dump files content to standard output in a binary string format...
Hanno's projects: blind sql injection
Summary: There exists a possibility that your Serendipity installation is vulnerable to a blind sql injection. Description: By sending specially crafted SQL commands to /plugin/tag/ and timing how long it takes for the server to respond, it is quite possible that the blog backend is interepreting...
Joomla EkRishta 2.10 Component - username SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win ...
Joomla! Component EkRishta 2.10 - 'username' SQL Injection
Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...
Joomla EkRishta 2.10 SQL Injection
Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...
DEBIAN-CVE-2016-1000342
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...
Espruino Buffer Overflow Vulnerability (CNVD-2018-10888)
Espruino is a JavaScript interpreter for microcontrollers. A buffer overflow vulnerability exists in Espruino prior to 1.99. The vulnerability arises due to the misuse of strncat during syntax parsing. An attacker can exploit this vulnerability via a specially crafted input file to cause a denial...
CVE-2018-11592
Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrapgraphics.c...
CVE-2018-11596
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c...
CVE-2018-11595
Espruino before 1.99 allows attackers to cause a denial of service application crash and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused...
CVE-2018-11597
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack exhaustion with many '' characters in jsparse.c...
Null pointer dereference
Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c...
Integer overflow
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c...
Buffer overflow
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c...
Out-of-bounds
Espruino before 1.98 allows attackers to cause a denial of service application crash with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrapgraphics.c...
Buffer overflow
Espruino before 1.99 allows attackers to cause a denial of service application crash with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c...
Buffer overflow
Espruino before 1.99 allows attackers to cause a denial of service application crash and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c...