A XSS vulnerability exists in the getTip() method of Action Columns.
The Ext JS framework brings no built-in XSS protection, meaning that
developers are responsible for sanitizing their output. However. the method
above takes HTML-escaped data and un-escapes it. Therefore if the tooltip
contains
ntop-ng Authentication bypass (CVE-2018-12520)
# Product Details
ntopng is the next generation version of the original ntop, a network
traffic probe that shows the network usage, similar to what the popular top
Unix command does. ntopng is based on libpcap and it has been written in a
portable
Hi List,
[Title]
XXE in WeChat Pay Sdk ( WeChat leave a backdoor on merchant websites)
--
[Background]
“Mobile payments surge to $9 trillion a year, changing how people shop,
borrow—even panhandle”, as WSJ.com once reported. As a payment
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
DSA-2018-122: RSA Certificate Manager Path Traversal Vulnerability
Dell EMC Identifier: DSA-2018-122
CVE Identifier: CVE-2018-11051
Severity: High
Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected
Hello,
We have discovered and responsibly disclosed seven vulnerabilities affecting
390 Axis IP Camera models.
Chaining three of these vulnerabilities together, allows an unauthenticated
attacker to execute commands on the cameras as root over the network.
A technical blog post with the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
APPLE-SA-2018-06-27-1 SwiftNIO 1.8.0
SwiftNIO 1.8.0 is now available and addresses the following:
SwiftNIO
Available for: macOS Sierra 10.12 and later, Ubuntu 14.04 and later
Impact: A remote attacker may be able to overwrite arbitrary memory
# Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External
DNS Interaction
# Vendor Homepage: https://www.microsoft.com/
# Version: 2010
# CVE : CVE-2018-12571
# MSRC: Case 39000
# Proof of Concept #1
Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to
Reference: https://dumpco.re/blog/openslp-2.0.0-double-free
2018-06-28
SLPD DOUBLE FREE
An issue was found in openslp-2.0.0 that can be used to induce a double free
bug or memory corruption by
corrupting glibc's doubly-linked memory chunk list.
On line 409 of slpd_process.c,
> [Suggested description]
> An issue was discovered on D-Link DIR-890L A2 devices.
> Due to the predictability of the /docs/captcha_(number).jpeg URI,
> being local to the network, but unauthenticated to the administrator's
> panel, an attacker can disclose the CAPTCHAs used by the access point
>
KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability
Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability
Advisory ID: KL-001-2018-008
Publication Date: 2018.06.25
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2018-008.txt
1. Vulnerability Details
Product: OX App Suite
Vendor: OX Software GmbH
Internal reference: 58055 (Bug ID)
Vulnerability type: XEE (CWE-611)
Vulnerable version: 7.8.4
Vulnerable component: office
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 7.6.3-rev37, 7.8.2-rev40, 7.8.3-rev48,
Faraday helps you to host your own vulnerability management platform
now and streamline your team in one place.
We are pleased to announce the newest version of Faraday v3.0. In this
new version we have made major architecture changes to adapt our
software to the new challenges of cyber security.
Overview
Researchers of NVEL4 Cybersecurity company have discovered that it is
possible to access to the config file bypassing admin authentication and
authorization. The vulnerability has been reported to the vendor. The
vendor has confirmed the vulnerability but not issued to security
Hello,
It is possible to trigger a BSOD caused by a Null pointer deference when
calling the system call NtUserConsoleControl with the following arguments:
- NtUserControlConsole(1,0,8).
- NtUserControlConsole(4,0,8).
- NtUserControlConsole(6,0,12).
- NtUserControlConsole(2,0,12).
14 matches
Mail list logo