17 matches found
CVE-2022-27646
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
Stack overflow
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2022-27646
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
CVE-2022-27646
CVE-2022-27646 affects NETGEAR R6700v3 with firmware 1.0.4.120_10.0.91. The circled daemon (circled) accepts a crafted circleinfo.txt file that overflows a fixed-length stack buffer, enabling arbitrary code execution with root privileges. Authentication is required but bypassable per disclosures....
CVE-2020-15879
Bitwarden Server 1.35.1 is affected by CVE-2020-15879: it allows SSRF because it does not consider certain IPv6 addresses (fc*/fd*/fe*/ff* and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16). The connected sources confirm a SSRF issue in Bitwarden Server, but e...
CVE-2019-15879
creationtimestamp| type| source ---|---|--- 2020-05-13 20:34:12+00:00| seen| https://t.me/cibsecurity/12044...
CVE-2019-15879
In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel...
CVE-2019-15879
Summary: CVE-2019-15879 affects FreeBSD cryptodev in 11.x/12.x releases. A race condition allowed a data structure in the kernel to be used after it was freed (use-after-free), enabling an unprivileged process to overwrite arbitrary kernel memory. Affected components: cryptodev kernel module in F...
FreeBSD : FreeBSD -- Use after free in cryptodev module (9f15c2da-947e-11ea-92ab-00163e433440)
A race condition permitted a data structure in the kernel to be used after it was freed by the cryptodev module. Impact : An unprivileged process can overwrite arbitrary kernel memory. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...
CVE-2018-15879
CVE-2018-15879 is rejected/not used per the Initial Description.
CVE-2018-15879
...
KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection
Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS...
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...
CVE-2017-15879
CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...
CVE-2017-15879
CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...
CVE-2017-15879
CVE-2017-15879 affects KeystoneJS before 4.0.0-beta.7. The CSV injection vulnerability arises in the CSV export path via values mishandled in admin/server/api/download.js and lib/list/getCSVData.js, enabling Excel macro/formula injection. Documentation indicates the issue exists prior to version ...