All posts by 007admin

NSE Script for CVE-2017-6527

Posted by Rewanth Cool on Apr 09

NSE Script for CVE-2017-6527 which was released on 9th March, 2017.

Description:
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is
vulnerable to a NULL-terminated directory traversal attack allowing an
unauthenticated attacker to access system files readable by the web server
user (by using the viewAppletFsa.cgi seqID parameter).

There is a PR on #783 <https://github.com/nmap/nmap/pull/783> on the same.

Best regards,…

CVE-Request: stored XSS in Serendipity v2.1-rc1 allows attacker to steal admin’s cookie and other information

Posted by Wester 95 on Apr 09

Hi team,

I would like to request one CVE id for this, thank you!

Details

======

Software: s9y Serendipity

Version: 2.1-rc1

Homepage: https://docs.s9y.org/

=======

Description

================

Stored XSS in Serendipity v2.1-rc1 allows attacker to steal admin’s cookie and other information

===========

POC

==========

1. Log in as a common editor user

2. Open a new entry, then write:

<img src=1 onerror=alert(document.cookie)>…

WordPress Plugin Spider Event Calendar 1.5.51 – Blind SQL Injection

Posted by Manuel Garcia Cardenas on Apr 09

=============================================
MGC ALERT 2017-003
- Original release date: April 06, 2017
- Last revised: April 10, 2017
- Discovered by: Manuel García Cárdenas
- Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
WordPress Plugin Spider Event Calendar 1.5.51 – Blind SQL Injection

II. BACKGROUND
-------------------------
WordPress event calendar is a FREE…

CVE-2017-7590

OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.

CVE-2017-7591

OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/.

CVE-2017-7589

In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the “anonymous” user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js.

Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits

Remember The Shadow Brokers? They are back.

A hacker group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA, and that gained popularity last year for leaking a portion of those tools, is back.

Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to “Equation

ming-0.4.8-1.fc25

Release 0.4.8 (no ABI or API changes)

* Add PHP7 compatibility
* Fix C++ output of disassembler
* Fix heap overflows in parser.c (CVE-2017-7578)
* Avoid division by zero in listmp3 when no valid frame was found (CVE-2016-9265)
* Don’t try printing unknown block (CVE-2016-9828)
* Parse Protect tag’s Password as string (CVE-2016-9827)
* Check values before deriving malloc parameters from them in parser.c (CVE-2016-9829)
* Make readString() stop reading string past buffer’s end
* Return EOF when reading unsigned values hits end of memory backed buffer
* Exit immediately when unexpected EOF is returned by fgetc() in utility programs (CVE-2016-9831)
* Fix using EOF marker -1 value as a valid flag byte (CVE-2016-9266)
* Fix division by zero sample rate due to global buffer overflow (CVE-2016-9264, CVE-2016-9265)