CVE-2017-1000355

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void...

BSD/x86 - execve (/bin/sh) + seteuid(0) Shellcode (31 bytes)

/ simply execvebinsh+seteuid0 shellcode in 31 bytes written on nasm - my first nasm exp. greetz2: mig darknet /EFnet.org nerf nerf /EFnet.org dev0id rus-sec /EFnet.org rootteam.void.ru / char shellcode = "\x31\xc0\x50\xb0\xb7\xcd\x80\x50\x31\xc0\x50\x68\x2f\x2f\x73"...

librawspeed/LJpegDecompressorFuzzer: Use-after-poison in void rawspeed::LJpegDecompressor::decodeN<4>

Project: https://github.com/darktable-org/rawspeed.git Detailed report: https://oss-fuzz.com/testcase?key=6742329370083328 Project: librawspeed Fuzzer: libFuzzerlibrawspeedLJpegDecompressorFuzzer Fuzz target binary: LJpegDecompressorFuzzer Job Type: libfuzzerasanlibrawspeed Platform Id: linux Cra...

XStream: DoS when unmarshalling void type

It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type 'void'. An attacker coul...

XStream: DoS when unmarshalling void type

It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type 'void'. An attacker coul...

XStream: DoS when unmarshalling void type

It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully which could cause an application crash. The crash occurs if the file that is being fed into XStream input stream contains an instances of the primitive type 'void'. An attacker coul...

dlplibs: Index-out-of-bounds in boost::spirit::traits::pow10_helper<double, void>::call

Detailed report: https://oss-fuzz.com/testcase?key=4891413823094784 Project: dlplibs Fuzzer: libFuzzerdlplibsvdxfuzzer Fuzz target binary: vdxfuzzer Job Type: libfuzzerubsandlplibs Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State:...

dlplibs: Global-buffer-overflow in boost::spirit::traits::pow10_helper<double, void>::call

Detailed report: https://oss-fuzz.com/testcase?key=5309012033667072 Project: dlplibs Fuzzer: afldlplibsvsdxfuzzer Fuzz target binary: vsdxfuzzer Job Type: aflasandlplibs Platform Id: linux Crash Type: Global-buffer-overflow READ 8 Crash Address: 0x0000009b69c8 Crash State:...

CVE-2017-7957

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...

UBUNTU-CVE-2017-7957

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...

DEBIAN-CVE-2017-7957

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...

CVE-2017-7957

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...

void-avengers.aqlaunch.com XSS vulnerability

Vulnerable URL: http://void-avengers.aqlaunch.com/recruiting/login.php?destination=test%22%27--!%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...

Jenkins XStream: Java crash when trying to instantiate void/Void (CVE-2017-1000355)

Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to provide XML to Jenkins for processing using XStream to crash the Java process. In Jenkins this typically applies to users with permission to...

CVE-2017-1000355

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void...

The Void - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application The Void published at the 'play' market has multiple vulnerabilities...

JosephErnest Void跨站脚本漏洞

No description provided by source...

CVE-2015-7777

Cross-site scripting XSS vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI...

CVE-2015-7777

CVE-2015-7777 corresponds to a cross-site scripting (XSS) vulnerability in the index.php script of the JosephErnest Void CMS, exploitable via a crafted URI to affect Void versions released before 2015-10-02. Public sources in connected documents confirm the affected product (Void CMS), the vulner...