A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted ‘config_option’ parameter. This is fixed in 1.3.9, 2.1.3, and 2.2.3.
All posts by 007admin
CVE-2017-2647
The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.
CVE-2017-7363
Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack.
How Russia Hacks You
Former National Security Adviser Seeks Immunity
CVE-2016-9319
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
CVE-2008-7313
The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796. (CVSS:7.5) (Last Update:2017-04-04)
CVE-2014-5009
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. (CVSS:7.5) (Last Update:2017-04-04)
CVE-2016-6209
Cross-site scripting (XSS) vulnerability in Nagios. (CVSS:4.3) (Last Update:2017-04-04)
DSA-3825 jhead – security update
It was discovered that jhead, a tool to manipulate the non-image part of
EXIF compliant JPEG files, is prone to an out-of-bounds access
vulnerability, which may result in denial of service or, potentially,
the execution of arbitrary code if an image with specially crafted EXIF
data is processed.