Tor Browser versions prior to 8.0 are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.
cf495bd49850c516bb8103c472dcfa4dThis write up holds the details for the Tor Browser information disclosure vulnerability as discussed in CVE-2017-16541. Version 7.0.8 is affected.
271de236533c8c6c6b398877415184dbTorBrowser versions 7.0.8 and below for Mac OS X and Linux are affected by a critical security issue. According to the Tor Project, further details will be released in the near future. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.
bdaa06ecaa680697e010dd8fc2955491Mac OS X contains a vulnerability that allows the bypass of the Apple Quarantine and the execution of arbitrary Javascript code without restrictions.
7f3e94a8e7dafebd1c8b7b6ad3c50eadSquirrelmail versions 1.4.22 and below suffer from a remote code execution vulnerability.
800720d25684ef211bcc844e0901eb71Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.
e91bbb1783caba77f5771c4e79a5192fMicrosoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.
336d81c17a6a5985da59e4a0d204dc5dHtcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
a4f577e9f89d71d5f6c3d79d81ba29d4Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.
eca7235592ede1e4ce40d0d71bcb9cb9Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
09bdd3514bd444e411a87140b8bd28c2Symphony CMS version 2.6.5 suffers from remote file upload and remote SQL injection vulnerabilities.
5ba5376c7ffba97a3910b4d7ac900c7aProjetSend version r582 suffers from authentication bypass, remote SQL injection, insecure direct object reference, and directory traversal / arbitrary file read vulnerabilities.
8a8ca63e1ef564c23c17f2ea23ca1e65Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
16b53ba407c04e4843e48ce107b43931Lychee version 2.7.1 suffers from a remote code execution vulnerability when logged in as an administrator.
ffeb76aee22dd08c5004ddb2e4550767DokuWiki version 2014-09-29c suffers from a persistent cross site scripting vulnerability.
d3db16619a5fcb55c0958d6ed9403730LogAnalyzer version 3.4.2 suffers from cross site scripting, arbitrary file reading, and remote SQL injection vulnerabilities.
2427d2cf98e92db38be0f21c58da1065OSClass versions 2.3.5 and below suffer from a directory traversal vulnerability.
f829273ebc8e11ba1061dadaf7374284OSClass version 2.3.4 suffers from cross site scripting, remote file inclusion and remote SQL injection vulnerabilities.
a12abb24c0bcbb63744f41b14614b5bbPostfixadmin version 2.3. 4 suffers from cross site scripting and remote SQL injection vulnerabilities.
dd4d0622a04f9e835b76a657cce1e426Mibew Messenger version 1.6.4 suffers from multiple cross site scripting vulnerabilities.
f32c2798bd75a6a10e425d0591bc87c3
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed