Exploit for CVE-2018-11776
CVE-2018-11776 On August 23, 2018, Apache Struts2 released a...
CVE-2018-13348
The mpatchdecode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001...
Security Bulletin: Vulnerability in Apache Commons affects Rational Directory Server Tivoli and Rational Directory Administrator (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability in the handling of Java object deserialization was addressed by the Apache Software Foundation and incorporated into IBM WebSphere Application Server Liberty fixes. Vulnerability Details IBM Rational Directory Server Tivoli and Rational Directory...
Security Bulletin: Vulnerability in RC4 stream cipher affects Algo Credit Limits (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Algo Credit Limits. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
MGASA-2018-0278 Updated scummvm packages fix security vulnerability
Updated scummvm package fixes security vulnerability. ScummVM 1.8.1's POSIX backend does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL (CVE-2017-17528). This...
New multiOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-10706)
Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities: batchOverflow, proxyOverflow, transferFlaw, ownerAnyone. Some of them could be used by attackers to generate tokens out of nowhere, while others can be used to steal tokens from...
Node.js third-party modules: [statics-server] Path Traversal due to lack of provided path sanitization
Hi Team, I would like to report Path Traversal in the statics-server module. It allows reading the content of any arbitrary file from the server. Module module name: statics-server version: 0.0.9 npm page: https://www.npmjs.com/package/statics-server Module Description npm install statics-server -g Go to...
openSUSE: Security Advisory for zsh (openSUSE-SU-2018:1093-1)
The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Third Critical Drupal Flaw Discovered—Patch Your Sites Immediately
Damn! You have to update your Drupal websites. Yes, of course, once again—literally it's the third time in the last 30 days. As notified in advance two days back, Drupal has now released new versions of its software to patch yet another critical remote code execution (RCE) vulnerability, affecting its...
OPENSUSE-SU-2018:0953-1 Security update for pdns-recursor
This update for pdns-recursor fixes the following issues: - update to 4.1.2 - New Features - 6344: Add FFI version of gettag. - Improvements - 6298, 6303, 6268, 6290: Add the option to set the AXFR timeout for RPZs. - 6172: IXFR: correct behavior of dealing with DNS Name with multiple records and...
Solaris 10 (sparc) : 125136-75
JavaSE 6: update 75 patch equivalent to JDK 6u75. Date this patch was last updated by Sun : Apr/14/14 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include("deprecatednasllevel.inc"); include("compat.inc"); ...
CVE-2018-1000019
OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in faxdispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher...
Updated ffmpeg packages fix security vulnerability
This update provides ffmpeg version 3.3.6, which fixes several security vulnerabilities and other bugs which were corrected upstream...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
CVE-2017-10271 CVE-2017-10271 Weblogic vulnerability verification P...
WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation
Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/admin-menu-tree-page-view Version: 2.6.9...
gerflor.ae XSS vulnerability
Vulnerable URL: http://www.gerflor.ae/search.html?search=%22%3E%3Csvg%2Fonload%3Dprompt%28%2FOPENBUGBOUNTY%2F%29%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1716535 VIP website status:| No Coordinated...
katholisch-backnang.de XSS vulnerability
Vulnerable URL: https://katholisch-backnang.de/popup/email.php?emailname=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4994323 VIP website status:| No Coordinated...
savefrom1.online XSS vulnerability
Vulnerable URL: http://savefrom1.online/search.php/x%22%3E%3CsvG%20onLoad=prompt9%3E/?search=DZP-ROOBAI Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 447212 VIP website status:| No Coordinated Disclosure...
naromtravel.com.mk Open Redirect vulnerability
Vulnerable URL: http://www.naromtravel.com.mk/reklamaClick.aspx?url=http://openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 17807485 VIP website status:| No Coordinated Disclosure...
jicstest.southeasttech.edu XSS vulnerability
Vulnerable URL: https://jicstest.southeasttech.edu/ICS/?tool=search=sdfg%22%27--!%3E%3CScript%20/K/%3Econfirm%271%27%3C/Script%20/K/%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...