Lucene search

4499 matches found

Kitploit
added 2019/04/03 11:43 a.m. | 1956 views

Instainsane - Multi-threaded Instagram Brute Forcer

Instainsane is a Shell Script to perform multi-threaded brute force attack against Instagram, this script can bypass login limiting and it can test infinite number of passwords with a rate of about 1000 passwords/min with 100 attempts at once. Legal disclaimer: Usage of InstaInsane for attacking...

AI score: 7.7
Exploits: 0 | References: 1

Tenable Nessus
added 2019/03/27 12:0 a.m. | 38 views

openSUSE Security Update : haproxy (openSUSE-2019-824)

This update for haproxy to version 1.8.14 fixes the following issues: These security issues were fixed: - CVE-2018-14645: A flaw was discovered in the HPACK decoder that caused an out-of-bounds read in hpack_valid_idx that resulted in a remote crash and denial of service (bsc#1108683) -...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00225
Exploits: 0 | References: 5

OSV
added 2019/03/21 4:0 p.m. | 1 views

CVE-2018-14575

Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject...

CVSS: 8.8 | AI score: 5.7
Exploits: 0 | References: 3

GoogleProjectZero
added 2019/03/14 12:0 a.m. | 35 views

Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager

Posted by James Forshaw, Project Zero This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and what I did to try to get it fixed with our partners at Microsoft. The maximum impact of the bug class is local privilege escalation if kernel and driver developers...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.12622
Exploits: 3

Tenable Nessus
added 2019/03/14 12:0 a.m. | 28 views

GLSA-201903-10 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201903-10 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. Impact : A remote attacker to obtain sensitive information, caus...

CVSS: 5.9 | AI score: 7 | EPSS: 0.0496
Exploits: 4 | References: 3

OSV
added 2019/03/12 3:16 p.m. | 1 views

GHSA-8554-JXCW-454Q Webargs mishandles concurrent JSON parsing

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

CVSS: 9.2 | AI score: 7.1 | EPSS: 0.00363
Exploits: 1 | References: 8

Veracode
added 2019/03/12 5:38 a.m. | 19 views

Insecure Caching

webargs uses insecure caching. Parsed JSON body is stored in a short-lived cache that would cause incorrect JSON payloads to be parsed for concurrent requests due to the cache not being thread-safe...

CVSS: 8.1 | AI score: 7.8 | EPSS: 0.00363
Exploits: 1 | References: 2 | Affected Software: 1

PyPA
added 2019/03/12 2:29 a.m. | 4 views

PYSEC-2019-139

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

CVSS: 8.1 | AI score: 7 | EPSS: 0.00363
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2019/03/12 2:29 a.m. | 16 views

Design/Logic Flaw

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

CVSS: 6.8 | AI score: 8 | EPSS: 0.00363
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2019/03/12 2:29 a.m. | 1 views

PYSEC-2019-69

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

AI score: 5.9
Exploits: 0 | References: 2

OSV
added 2019/03/12 2:29 a.m. | 0 views

PYSEC-2019-139

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.00363
Exploits: 1 | References: 3

NVD
added 2019/03/12 2:29 a.m. | 10 views

CVE-2019-9710

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.00363
Exploits: 1 | References: 2

CVE
added 2019/03/12 2:0 a.m. | 70 views

CVE-2019-9710

The CVE-2019-9710 entry refers to webargs before 5.1.3 (used with marshmallow and other products). The vulnerability is a non-thread-safe, short-lived cache used for parsing the JSON body, which could cause incorrect JSON payloads to be parsed under concurrent requests. Affected component: webarg...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.00363
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2019/03/12 2:0 a.m. | 11 views

CVE-2019-9710

An issue was discovered in webargs before 5.1.3, as used with marshmallow and other products. JSON parsing uses a short-lived cache to store the parsed JSON body. This cache is not thread-safe, meaning that incorrect JSON payloads could have been parsed for concurrent requests...

AI score: 8.1 | EPSS: 0.00363
Exploits: 1 | References: 2

Packet Storm
added 2019/03/05 12:0 a.m. | 38 views

vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection

Exploit Title : vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 04/03/2019 Vendor Homepages : vbulletin.com dragonbyte-tech.com Software Information Link :...

AI score: 7.4
Exploits: 0

exploitpack
added 2019/03/01 12:0 a.m. | 30 views

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...

AI score: 0.1
Exploits: 0

Exploit DB
added 2019/03/01 12:0 a.m. | 82 views

Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free

There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger this by closing the browser while running the attached poc; I'm not sure if there's a...

AI score: 7.4
Exploits: 0

BDU FSTEC
added 2019/02/15 12:0 a.m. | 2 views

The vulnerability of the elf_link_input_bfd function in the GNU Binutils development environment, related to the handling of zero pointer assignments, allows a hacker to trigger a service failure.

The vulnerability of the elf_link_input_bfd function in the GNU Binutils development toolset is related to the use of a null pointer when searching for STT_TLS symbols, especially when TLS sections are not present. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00678
Exploits: 1 | References: 10 | Affected Software: 2

Mageia
added 2019/02/14 8:38 a.m. | 13 views

Updated radvd packages fix security vulnerability

A flaw was found in radvd. In case of misconfiguration, a race condition between privsep and main thread occurs. This leads to a double-free and crashing of radvd (rhbz#1669297)...

AI score: 1.6
Exploits: 0 | References: 2

exploitpack
added 2019/02/12 12:0 a.m. | 22 views

LayerBB 1.1.2 - Cross-Site Scripting

LayerBB 1.1.2 - Cross-Site Scripting Exploit Title: LayerBB 1.1.2 - Cross-Site Scripting Date: 11/19/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=28 Version: 1.1.2 Tested on: Ubuntu 18.04 CVE: CVE-2019-7688 1...

AI score: 6.3
Exploits: 0