20 matches found
CVE-2019-18345
creationtimestamp | type | source
---|---|---
2024-03-11 08:41:24+00:00 | seen | https://t.me/ctinow/204509
2024-10-14 21:15:02+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/507...
SUSE CVE-2018-18345
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2022-42370
PDF-XChange Editor is affected by CVE-2022-42370 due to a flaw in U3D file parsing that can trigger a write past the end of an allocated buffer, enabling arbitrary code execution when a user opens a malicious file/page. Exploitation requires user interaction. Affected products/versions are not ex...
Arbitrary Code Execution Over HTTP Traffic (CVE-2011-2523; CVE-2019-18345; CVE-2019-19143; CVE-2020-15492; CVE-2020-16210; CVE-2020-21526; CVE-2020-24379; CVE-2020-6142; CVE-2020-8010; CVE-2020-9380)
Arbitrary Code Execution Over HTTP Traffic...
[SECURITY] [DLA 2034-1] davical security update
Package : davical Version : 1.1.3.1-1+deb8u1 CVE ID : CVE-2019-18345 CVE-2019-18346 CVE-2019-18347 Debian Bug : 946343 Multiple cross-site scripting and cross-site request forgery issues were discovered in the DAViCal CalDAV Server. For Debian 8 "Jessie", these problems have been fixed in version...
[SECURITY] [DSA 4582-1] davical security update
Debian Security Advisory DSA-4582-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 13, 2019 https://www.debian.org/security/faq...
CVE-2019-18345
The CVE-2019-18345 issue affects the DAViCal CalDAV Server (through 1.1.8) where the action parameter is echoed without encoding, enabling reflected XSS. Impact stated in sources: an attacker visiting a crafted link can view the attacked user’s data and perform actions on behalf of that user; if ...
Fedora 29 : chromium (2019-859384e002)
Update to Chromium 71. Fixes CVE-2018-17480 CVE-2018-17481 CVE-2018-18335 CVE-2018-18336 CVE-2018-18337 CVE-2018-18338 CVE-2018-18339 CVE-2018-18340 CVE-2018-18341 CVE-2018-18342 CVE-2018-18343 CVE-2018-18344 CVE-2018-18345 CVE-2018-18346 CVE-2018-18347 CVE-2018-18348 CVE-2018-18349 CVE-2018-1835...
openSUSE: Security Advisory for Chromium (openSUSE-SU-2018:4142-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2018-18345
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page...
CVE-2018-18345
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page...
CVE-2018-18345
CVE-2018-18345 affects Google Chrome/Chromium WebKit-based browsers prior to 71.0.3578.80, with an error in Site Isolation that allowed a renderer-compromised page to bypass site isolation protections. Public sources in the connected docs identify the issue as an access-restriction bypass in Site...
CVE-2018-18345
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page...
Security update for Chromium (important)
This update to Chromium version 71.0.3578.80 fixes security issues and bugs. Security issues fixed boo1118529: - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium -...
Debian: Security Advisory (DSA-4352-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2018-18345
Incorrect handling of blob URLS in Site Isolation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker who had compromised the renderer process to bypass site isolation protections via a crafted HTML page...
CVE-2017-18345
The Joomanager component through 2.0.0 for Joomla! has an arbitrary file download issue, resulting in exposing the credentials of the database via an index.php?option=com_joomanager&controller=details&task=download&path=configuration.php request...
CVE-2017-18345
The CVE-2017-18345 entry concerns the Joomanager component for Joomla! up to version 2.0.0, where an arbitrary file download vulnerability in the details/download flow (path=configuration.php) can disclose database credentials. The root cause is an insecure download handler that allows access to ...
TFTP Server for Windows 1.4 ST WRQ Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'TFTP Server for...