Lucene search
+L

31 matches found

bdu_fstec
bdu_fstec
added 2023/04/22 12:0 a.m.10 views

The vulnerability of the plugin for viewing RAW images allows a hacker to execute arbitrary code.

The vulnerability of the plugin for viewing RAW images is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code...

8.4CVSS7.8AI score0.00617EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2022/12/16 12:0 a.m.8 views

PT-2022-14777 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the thermal cooling device stats update function of thermal sysfs.c due to improper input validation. This could lead to local escalation of privilege in th...

6.7CVSS6.7AI score0.00173EPSS
Exploits0References4
zdt
zdt
added 2022/08/16 12:0 a.m.390 views

TypeORM 0.3.7 Information Disclosure Vulnerability

I found what I think is a vulnerability in the latest typeorm 0.3.7. TypeORM v0.3 has a new findOneBy method instead of findOneById and it is the only way to get a record by id Sending undefined as a value in this method removes this parameter from the query. This leads to the data exposure. For...

9.8CVSS9.7AI score0.20299EPSS
Exploits6
cnnvd
cnnvd
added 2022/08/01 12:0 a.m.6 views

TCL LinkHub Mesh Wi-Fi 缓冲区错误漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation.A buffer overflow vulnerability exists in TCL LinkHub Mesh Wi-Fi, which stems from a lack of proper validation of user-supplied data in the confsrv ucloudsetnodelocation function, and could be exploited by an attacker to execute arbitrary co...

9.8CVSS6.6AI score0.01109EPSS
Exploits1References3
cnnvd
cnnvd
added 2021/10/15 12:0 a.m.5 views

Foxit PDF Editor 缓冲区错误漏洞

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A buffer error vulnerability exists in Foxit PDF, which is caused by a lack of proper validation of user-supplied data, and could allow a remote attacker to execute arbitrary code on an affected PDF editor installation...

5.5CVSS6.4AI score0.0034EPSS
Exploits0References4
osv
osv
added 2019/05/16 10:29 p.m.1 views

DEBIAN-CVE-2019-10912

In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to...

7.1CVSS6.9AI score0.02302EPSS
Exploits0References1
wpvulndb
wpvulndb
added 2019/04/18 12:0 a.m.20 views

CarSpot Theme <= 2.1.6 - Authenticated Stored XSS

Bad input field data filtering has been discovered in the 'CarSpot – Automotive Car Dealer Wordpress Classified Theme'. Current version of this Premium Theme is 2.1.5. PoC Authorize on the demo website for tests: https://carspot.scriptsbundle.com/, login is [email protected] and passow...

3.5CVSS0.8AI score0.00736EPSS
Exploits2References2Affected Software1
osv
osv
added 2018/04/09 8:29 p.m.16 views

CVE-2018-6182

Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. Therefore, Mahara should not rely on TinyMCE's code stripping alone but also clean input on the server / PHP side as one can create own packets of...

6.1CVSS7.3AI score
Exploits0References2
cnvd
cnvd
added 2017/11/21 12:0 a.m.2 views

SQL injection vulnerability in program\diypage\receive\add.php page of Dreamline Monxin Enterprise Building System program\diypage\receive\add.php

Monxin Enterprise Station Building System is a self-service station building system based on PHP language development. A SQL injection vulnerability exists in the program\diypage\receive\add.php page of the Monxin Enterprise Station Building System. The vulnerability is due to the system's failur...

7.8AI score
Exploits0
packetstorm
packetstorm
added 2007/10/01 12:0 a.m.28 views

aspcatalog-sql.txt

ASP Product catalog SQL injection vulnerability. A nice little SQL injection vulnerability exists within ASP Product Catalog. The application fails to check for bad input from GET'd variables used in SQL query operations. In this case, the variable cid can be used for SQL injection queries...

7.4AI score
Exploits0
exploitdb
exploitdb
added 1994/02/07 12:0 a.m.32 views

HP-UX 10/11/ IRIX 3/4/5/6 / OpenSolaris build snv / Solaris 8/9/10 / SunOS 4.1 - &#039;rpc.ypupdated&#039; Command Execution (2)

HP-UX 10.x/11.x,IRIX 3.x/4.x/5.x/6.x,OpenSolaris build snv,Solaris 8/9/10,SunOS 4.1.x RPC.YPUpdated Command Execution 2 source: https://www.securityfocus.com/bid/1749/info The 'rpc.ypupdated' deamon is part of the Network Information Service NIS or Yellow Pages YP. It allows clients to update NIS...

7.4AI score
Exploits0
Rows per page
Query Builder