
3975 matches found

Prion
added 2020/09/04 2:15 a.m. · 16 views

Authentication flaw

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

CVSS 4.3 · AI score 7.4 · EPSS 0.01203
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/09/04 1:28 a.m. · 68 views

CVE-2020-24940

Laravel CVE-2020-24940 affects Laravel before 6.18.34 and 7.x before 7.23.2. The issue arises when unvalidated values are saved to the database in situations where table names are stripped during mass assignment, enabling unintended database writes. Connected records corroborate the affected vers...

CVSS 7.5 · AI score 7.3 · EPSS 0.01203
Exploits: 0 · References: 1 · Affected Software: 1

Debian CVE
added 2020/09/04 1:28 a.m. · 26 views

CVE-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

CVSS 7.5 · AI score 7.3 · EPSS 0.01203
Exploits: 0

0day.today
added 2020/09/04 12:0 a.m. · 38 views

BarracudaDrive v6.5 - Insecure Folder Permissions Vulnerability

Exploit Title: BarracudaDrive v6.5 - Insecure Folder Permissions; Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec; Vendor Homepage: https://barracudaserver.com/; Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html; Version: v6.5; Tested On: Windows 10 Pro; CVSS Base...

AI score 0.5
Exploits: 0

Positive Technologies
added 2020/09/04 12:0 a.m. · 8 views

PT-2020-15863 · Taylor Otwell · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel versions prior to 6.18.34; Laravel versions 7.x prior to 7.23.2. Description: An issue allows unvalidated values to be saved to the database in certain situations where table names are stripped during mass assignment. Recommendations: F...

CVSS 7.5 · AI score 7.3 · EPSS 0.01203
Exploits: 0 · References: 8

Tenable Nessus
added 2020/08/31 12:0 a.m. · 47 views

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but doe...

CVSS 7.5 · AI score 7.2 · EPSS 0.06811
Exploits: 0 · References: 3

0day.today
added 2020/08/11 12:0 a.m. · 188 views

BarracudaDrive 6.5 Local Privilege Escalation Vulnerability

Exploit Title: BarracudaDrive v6.5 - User-System - Local Privilege Escalation; Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec; Date: 08-08-2020; Vendor Homepage: https://barracudaserver.com/; Software Link: https://download.cnet.com/BarracudaDrive/3001-185064-10723210.html; Version: v6.5; Teste...

AI score 0.6
Exploits: 0

BDU FSTEC
added 2020/07/31 12:0 a.m. · 3 views

The vulnerability of the isAuxiliaryVtabOperator component of the SQLite database management system allows an attacker to cause a service failure.

The vulnerability of the isAuxiliaryVtabOperator component in the SQLite database management system is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 7.8 · AI score 6.9 · EPSS 0.03683
Exploits: 0 · References: 16 · Affected Software: 11

RedHat Linux
added 2020/07/22 12:38 p.m. · 4 views

openstack-keystone: OAuth1 request token authorize silently ignores roles parameter

A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...

CVSS 8.8 · AI score 7.1 · EPSS 0.01896
Exploits: 0 · References: 5

Microsoft CVE
added 2020/07/14 7:0 a.m. · 32 views

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

CVSS 9 · AI score 2.4 · EPSS 0.05466
Exploits: 0

Microsoft CVE
added 2020/07/14 7:0 a.m. · 46 views

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

CVSS 9 · AI score 2.4 · EPSS 0.05532
Exploits: 0

Microsoft CVE
added 2020/07/14 7:0 a.m. · 31 views

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

CVSS 9 · AI score 2.4 · EPSS 0.05466
Exploits: 0

Microsoft CVE
added 2020/07/14 7:0 a.m. · 36 views

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

CVSS 9 · AI score 2.4 · EPSS 0.06903
Exploits: 0

Microsoft CVE
added 2020/07/14 7:0 a.m. · 59 views

Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system,...

CVSS 9 · AI score 2.4 · EPSS 0.06185
Exploits: 0

Prion
added 2020/07/10 3:15 p.m. · 7 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none...

AI score 7
Exploits: 0

BDU FSTEC
added 2020/07/09 12:0 a.m. · 3 views

The vulnerability in the `hw/rdma/vmw/pvrdma_cmd.c` component of the PVRDMA virtual network adapter driver allows a hacker to trigger a service failure.

The vulnerability in the `hw/rdma/vmw/pvrdma_cmd.c` component of the PVRDMA virtual network adapter’s hardware emulation software, QEMU, is related to pointer assignment errors. Exploiting this vulnerability could allow a remote attacker to cause a service failure by creating CQ/QP objects...

CVSS 7.8 · AI score 6.6 · EPSS 0.03683
Exploits: 0 · References: 7 · Affected Software: 3

Hacker One
added 2020/07/06 7:6 a.m. · 37 views

Node.js third-party modules: [json-bigint] DoS via `__proto__` assignment

I would like to report a DoS in json-bigint. It allows to cause denial of service using very limited input 70 bytes. Module module name: json-bigint version: 0.3.1 npm page: https://www.npmjs.com/package/json-bigint Module Description JSON.parse/stringify with bigints support. Based on Douglas...

CVSS 5 · AI score 1.5 · EPSS 0.01708
Exploits: 1

OSV
added 2020/06/18 2:15 p.m. · 5 views

CVE-2020-9225

FusionSphere OpenStack 6.5.1 has an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege...

CVSS 7.8 · AI score 7.1 · EPSS 0.00197
Exploits: 0 · References: 1

Cvelist
added 2020/06/18 1:54 p.m. · 21 views

CVE-2020-9225

FusionSphere OpenStack 6.5.1 has an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege...

AI score 7.6 · EPSS 0.00197
Exploits: 0 · References: 1

OSV
added 2020/06/16 11:15 p.m. · 14 views

CVE-2020-14214

Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization...

CVSS 6.5 · AI score 6.9
Exploits: 0 · References: 2