[SECURITY] Fedora 27 Update: nspr-4.20.0-1.fc27

NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...

[SECURITY] Fedora 28 Update: nspr-4.20.0-1.fc28

NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...

QEMU Denial of Service Vulnerability (CNVD-2018-17099)

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in the qemu-seccomp.c file in QEMU, which stems from the program incorrectly handling the seccomp policy for...

UBUNTU-CVE-2018-15746

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service guest crash by leveraging mishandling of the seccomp policy for threads other than the main thread...

OracleVM 3.4 : xen (OVMSA-2018-0251) (Foreshadow)

The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: xen commit=18ec2b68e519646188fd26a05b2cd26ebd829035 - BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff - BUILDINFO: QEMU traditional...

OracleVM 3.4 : xen (OVMSA-2018-0246) (Foreshadow)

The remote OracleVM system is missing necessary patches to address critical security updates : - BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8 - BUILDINFO: xen commit=02cec92b3eb1612e37616b10400d82f1e3d8de85 - BUILDINFO: QEMU upstream...

Samsung SmartThings Hub video-core database shard code execution vulnerabilities(CVE-2018-3912 - CVE-2018-3917)

Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer...

Photon - Incredibly Fast Crawler Which Extracts Urls, Emails, Files, Website Accounts And Much More

Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. Yep, you can use 100 threads and Photon won't complain about it because its in Ninja Mode. Why Photon? Not Your Regular Crawler Crawlers are supposed to recursively extract links right? Well that's...

MyBB New Threads Plugin Cross-Site Scripting Vulnerability

MyBB aka MyBulletinBoard is a free and web-based forum software developed by the MyBB team using PHP and MySQL.New Threads plugin is used in one of the theme plugin. A cross-site scripting vulnerability exists in MyBB New Threads plugin versions prior to 1.2. A remote attacker can exploit this...

[SECURITY] Fedora 27 Update: uwsgi-2.0.17.1-1.fc27

uWSGI is a fast pure C, self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...

Cross site scripting

The New Threads plugin before 1.2 for MyBB has XSS...

CVE-2018-14392

The New Threads plugin before 1.2 for MyBB has XSS...

CVE-2018-14392

The New Threads plugin before 1.2 for MyBB has XSS...

CVE-2018-14392

CVE-2018-14392 corresponds to an XSS vulnerability in the MyBB New Threads plugin (pre-1.2). Affected product/component: MyBB, New Threads plugin for MyBB (PHP/MySQL). Root cause: the thread titles are not properly sanitized, enabling cross‑site scripting. Impact: arbitrary script execution when ...

MyBB New Threads Plugin 1.1 - Cross-Site Scripting

MyBB New Threads Plugin 1.1 - Cross-Site Scripting Exploit Title: MyBB New Threads Plugin - Cross-Site Scripting Date: 7/16/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 Version: 1.1 Tested on: Ubuntu 18.04 CVE:...

MyBB New Threads Plugin 1.1 - Cross-Site Scripting

Exploit Title: MyBB New Threads Plugin - Cross-Site Scripting Date: 7/16/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 Version: 1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-14392 1. Description: New Threads is a plugi...

MyBB New Threads Plugin 1.1 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: MyBB New Threads Plugin - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 Version: 1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-14392 ...

Use-After-free Vulnerability

libcurl.so is vulnerable to use after-free vulnerability. The attack is possible when cookies are shared among many easy handles simultaneously used in different threads...

MyBB Recent Threads plugin cross-site scripting vulnerability

MyBB aka MyBulletinBoard is a free and web-based forum software developed by the MyBB team using PHP and MySQL.Recent Threads plugin is used in which a plugin for displaying recent and unread messages. A cross-site scripting vulnerability exists in versions of the MyBB Recent Threads plugin prior...

CVE-2017-5392

Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This...