Staubli Jacquard Industrial System JC6 Shellshock Vulnerability
Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability. Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Exploit Author: t4rkd3vilz Vendor Homepage:...
CVE-2018-11889
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, when an RSSI request times out, invalid memory may be accessed, since the local variable 'context', stack data of a WLAN function, is free...
Design/Logic Flaw
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value from the variable entry_number. This variable is declared private, yet it is readable through the eth.getStorageAt function. Also, attackers can purchase a tick...
Design/Logic Flaw
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, accessing the global variable "debugclient" from multiple threads leads to a use-after-free...
Solaris 'EXTREMEPARR' dtappgather Privilege Escalation
This module exploits a directory traversal vulnerability in the dtappgather executable included with the Common Desktop Environment (CDE) on unpatched Solaris systems prior to Solaris 10u11, which allows users to gain root privileges. dtappgather allows users to create a user-owned directory at any...
Solaris libnspr NSPR_LOG_FILE Privilege Escalation Exploit
This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library (libnspr) on unpatched Solaris systems prior to Solaris 10u3, which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the...
Buffer overflow
In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file. An attacker can overwrite ebp via a long pathname...
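The pattern behind this entry is a fixed-size stack buffer that receives a server reply containing a client-supplied pathname. The following is an added example, not Tinyftpd's code: the unbounded sprintf() formatting beside a bounded snprintf() version that detects truncation and refuses the command instead of writing past the buffer. The reply format, the REPLY_LEN size and the helper try_mkd_reply() are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed reply buffer size; the fixed-size stack buffer is the pattern
 * described for do_mkd (modelled snippet, not Tinyftpd's code). */
#define REPLY_LEN 256

/* Unsafe: sprintf() writes as many bytes as the pathname needs. A pathname
 * longer than REPLY_LEN minus the two quotes and the " created" suffix runs
 * past `text` into the saved frame pointer and return address. */
int format_mkd_reply_unsafe(char *text, const char *path)
{
    return sprintf(text, "\"%s\" created", path);
}

/* Hardened: snprintf() never writes more than `size` bytes, and its return
 * value (the length the full string would have had) reveals truncation, so
 * the caller can reject the command instead of sending a mangled reply. */
int format_mkd_reply(char *text, size_t size, const char *path)
{
    int n = snprintf(text, size, "\"%s\" created", path);
    if (n < 0 || (size_t)n >= size) {
        if (size) text[0] = '\0';
        return -1;                 /* does not fit: refuse */
    }
    return n;
}

/* Build a constructed pathname of `path_len` 'A's and format it into a
 * REPLY_LEN buffer. Returns the reply length, or -1 when it was rejected. */
int try_mkd_reply(size_t path_len)
{
    char path[8192];
    char text[REPLY_LEN];
    if (path_len >= sizeof path) return -2;
    memset(path, 'A', path_len);
    path[path_len] = '\0';
    return format_mkd_reply(text, sizeof text, path);
}

int main(void)
{
    char text[REPLY_LEN];
    int n = format_mkd_reply(text, sizeof text, "/srv/ftp/in");
    printf("%d: %s\n", n, text);
    printf("long pathname -> %d\n", try_mkd_reply(4000));
    return 0;
}
```

The quotes and " created" add 10 bytes of overhead, so even a pathname that is itself shorter than the buffer can overflow it; sizing the reply buffer from the full formatted length, or bounding the write as above, is the fix.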
Researchers Heat Up Cold-Boot Attack That Works on All Laptops
A pair of researchers have developed an attack method that bypasses mitigations for cold-boot attacks on laptops. An attacker with physical access can compromise a laptop that is in sleep mode, potentially lifting passwords, encryption keys and other sensitive information. The ramifications are, on the...
GitLab: Bypass of GitLab CI runner slash fix in YAML validation
Hi Gitlab Security, I noticed that bug 301432, which Jobert reported earlier, could be bypassed by setting a variable in the environment. The reason is that the fix in place preventing URL normalization is performed during the YAML validation; however, this could be bypassed by setting the environment...
CVE-2018-15552
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value from the variable "maxTickets", which is declared private yet is predictable and readable through the eth.getStorageAt function. Therefore, it allow...
Remote Code Execution Vulnerability in All Series of ECShop Versions
ECShop is a B2C independent online store system suitable for enterprises and individuals who want to quickly build a personalized online store. It is an open-source, cross-platform program built on PHP with a MySQL database. A remote code execution vulnerability exists ...
Denial Of Service (DoS)
libX11.so is vulnerable to denial of service (DoS) attacks. A malicious server can send a reply in which the first string overflows the number of bytes transmitted, causing a variable to be set to NULL and crashing the application...
CVE-2018-14598
An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to a DoS (segmentation fault)...
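Both libX11 entries above describe the same shape of bug: a reply carries a declared byte count plus length-prefixed strings, and a string length that exceeds the bytes actually received is not caught before the parser commits to it. The following is an added example, not libX11's code: a parser for a constructed ListExtensions-style body (one length byte followed by that many name bytes, repeated) that checks every length against the bytes remaining and rejects the whole reply on mismatch, rather than leaving an entry NULL or pointing out of bounds for a later free. The body layout, the sample bodies and the helper names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Free a NULL-terminated list produced by parse_name_list(). */
void free_name_list(char **list)
{
    if (!list) return;
    for (size_t i = 0; list[i]; i++) free(list[i]);
    free(list);
}

/* Parse a ListExtensions-style body: `count` names, each a one-byte length
 * followed by that many bytes, packed into the `rlen` bytes the server said
 * it sent. Each length is checked against the bytes actually remaining, so a
 * server claiming a 32-byte name inside a 4-byte body is rejected up front.
 * Returns a NULL-terminated array of NUL-terminated copies, or NULL if the
 * reply is malformed (nothing is left half-built for a later free). */
char **parse_name_list(const uint8_t *body, size_t rlen, unsigned count)
{
    char **list = calloc((size_t)count + 1, sizeof *list);
    if (!list) return NULL;
    size_t off = 0;
    for (unsigned i = 0; i < count; i++) {
        if (off >= rlen) goto bad;           /* no room for the length byte */
        size_t len = body[off];
        if (len > rlen - off - 1) goto bad;  /* name would overflow the body */
        list[i] = malloc(len + 1);
        if (!list[i]) goto bad;
        memcpy(list[i], body + off + 1, len);
        list[i][len] = '\0';
        off += 1 + len;
    }
    return list;
bad:
    free_name_list(list);
    return NULL;
}

/* Constructed sample bodies (not captured X11 traffic). */
static const uint8_t GOOD_BODY[] = { 3, 'B', 'I', 'G', 5, 'S', 'H', 'A', 'P', 'E' };
static const uint8_t BAD_BODY[]  = { 0x20, 'A', 'B', 'C' };  /* claims 32 bytes, carries 3 */

/* Number of names parsed from a body, or -1 if the body was rejected. */
int count_names(const uint8_t *body, size_t rlen, unsigned count)
{
    char **list = parse_name_list(body, rlen, count);
    if (!list) return -1;
    int n = 0;
    while (list[n]) n++;
    free_name_list(list);
    return n;
}

int main(void)
{
    char **names = parse_name_list(GOOD_BODY, sizeof GOOD_BODY, 2);
    for (size_t i = 0; names && names[i]; i++) printf("name[%zu] = %s\n", i, names[i]);
    free_name_list(names);
    printf("bad body -> %d\n", count_names(BAD_BODY, sizeof BAD_BODY, 1));
    return 0;
}
```

The check `len > rlen - off - 1` is written so the subtraction cannot wrap: `off < rlen` has already been established, so `rlen - off - 1` is the exact number of payload bytes still available after the length byte.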
CVE-2018-1000645
LibreHealthIO lh-ehr version REL-2.0.0 contains an authenticated local file disclosure vulnerability in the importing of templates that allows disclosure of sensitive files on the server. This attack appears to be exploitable via a user-controlled variable in import...
Arbitrary file deletion
LibreHealthIO lh-ehr version REL-2.0.0 contains an authenticated local file disclosure vulnerability in the importing of templates that allows disclosure of sensitive files on the server. This attack appears to be exploitable via a user-controlled variable in import...
PT-2018-3684
Name of the Vulnerable Software and Affected Versions: libwebp versions prior to 1.0.1. Description: The issue is related to the use of an uninitialized variable in the libwebp library, which is used for encoding and decoding WebP images. This could allow a remote attacker to execute arbitrary cod...
CVE-2018-15560
PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes...
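The failure mode named here, a length shorter than one block being mishandled, is what happens when a loop bound is derived by subtracting the block size from an unsigned length. The following is an added example, not PyCryptodome's code: the wrapping subtraction shown as a value, beside a block walker that validates the length before any arithmetic and derives the block count by division. The XOR "cipher", the buffer sizes and the helper names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE 16

/* The faulty shape: a loop bound computed as data_len - BLOCK_SIZE in an
 * unsigned type. For data_len < 16 the result wraps to a huge value instead
 * of going negative, so a loop running "up to" it walks off the buffer.
 * Returned as a value here, not used as a bound, so it is safe to call. */
size_t naive_loop_bound(size_t data_len)
{
    return data_len - BLOCK_SIZE;
}

/* Hardened block walker: reject short or ragged input before any
 * subtraction, then take the block count from a division. Each block is
 * XORed with a constant pad, a stand-in for the real block cipher.
 * Returns the number of blocks processed, or -1 on a bad length. */
long process_blocks(const uint8_t *in, uint8_t *out, size_t data_len)
{
    if (in == NULL || out == NULL) return -1;
    if (data_len < BLOCK_SIZE || data_len % BLOCK_SIZE != 0) return -1;
    size_t nblocks = data_len / BLOCK_SIZE;
    for (size_t b = 0; b < nblocks; b++)
        for (size_t i = 0; i < BLOCK_SIZE; i++)
            out[b * BLOCK_SIZE + i] = in[b * BLOCK_SIZE + i] ^ 0x5a;
    return (long)nblocks;
}

/* Run process_blocks() over a constructed message of `len` filler bytes.
 * Returns the block count, or -1 if the length was rejected. */
long process_message(size_t len)
{
    uint8_t in[256], out[256];
    if (len > sizeof in) return -1;
    memset(in, 0x11, len);
    return process_blocks(in, out, len);
}

int main(void)
{
    printf("naive bound for 5 bytes: %zu\n", naive_loop_bound(5));
    printf("5-byte message  -> %ld\n", process_message(5));
    printf("48-byte message -> %ld\n", process_message(48));
    return 0;
}
```

The order matters: the range check must come before the subtraction, because once `data_len - BLOCK_SIZE` has wrapped there is no value left to compare against.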
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
Exploit Title: WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection Exploit Author: Çlirim Emini Website: https://www.sentry.co.com Software Link: https://wordpress.org/plugins/chained-quiz/ Version/s: 1.0.8 and below Patched Version: 1.0.9 CVE : N/A WPVULNDB:...