libheif Buffer Error Vulnerability
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. libheif version 1.4.0 contains a denial-of-service vulnerability in heif::Box_iref::get_references. The vulnerability stems from an invalid memory read. An attacker could exploit this vulnerability to cause a denial of servic...
CVE-2021-3279
sz.chat version 4 allows injection of web scripts and HTML in the message box...
Lightning Wire Labs IPFire Cross-Site Scripting Vulnerability
Lightning Wire Labs IPFire is a Linux-based open source firewall from Lightning Wire Labs. It focuses on securing your network while being easy to operate and maintain. It offers many features such as VPN, advanced firewall configuration, and of course great performance in all environments. A...
Black Box Kvm Extender 3.4.31307 Local File Inclusion
Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion Date: 05.07.2021 Exploit Author: Ferhat Çil Vendor Homepage: http://www.blackbox.com/ Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm Version: 3.4.31307 Category: Webapps Tested on: Linux...
Black Box Kvm Extender 3.4.31307 - Local File Inclusion Exploit
Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion Exploit Author: Ferhat Çil Vendor Homepage: http://www.blackbox.com/ Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm Version: 3.4.31307 Category: Webapps Tested on: Linux Description: Any us...
Black Box Kvm Extender 3.4.31307 - Local File Inclusion
Exploit Title: Black Box Kvm Extender 3.4.31307 - Local File Inclusion Date: 05.07.2021 Exploit Author: Ferhat Çil Vendor Homepage: http://www.blackbox.com/ Software Link: https://www.blackbox.com/en-us/products/black-box-brand-products/kvm Version: 3.4.31307 Category: Webapps Tested on: Linux...
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
On Saturday, @hdodov reported that the Panel's ListItem component, used for example in the pages and files sections, displayed HTML in page titles as is. This could be used for cross-site scripting (XSS) attacks. We used his report as an opportunity to find and fix XSS issues related to dynamic sit...
Advisory ROSA-SA-2021-1846
Software: gnome-shell 3.28.3 OS: Cobalt 7.9 CVE-ID: CVE-2020-17489 CVE-Crit: MEDIUM CVE-DESC: A problem was found in some GNOME gnome-shell configurations through 3.36.4. When logging out of an account, the password field in the login dialog box reappears, but the password is still displayed. If...
Command execution vulnerability in TamronOS IPTV/VOD system (CNVD-2021-49564)
TamronOS IPTV/VOD system is a Linux kernel-based all-in-one live and on-demand solution for broadband operators, hotels and schools. The system provides a variety of clients (Android set-top box, TV, PC on-demand, cell phone on-demand) to facilitate user access through different devices...
WordPress Popup Like box plugin <= 3.5.2 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Popup Like box plugin (versions <= 3.5.2). Solution: Update the WordPress Popup Like box plugin to the latest available version (at least 3.5.3)...
WordPress Popup box plugin <= 2.3.3 - Authenticated Blind SQL Injection (SQLi) vulnerability
Authenticated Blind SQL Injection (SQLi) vulnerability discovered by To Quang Duong in WordPress Popup box plugin (versions <= 2.3.3). Solution: Update the WordPress Popup box plugin to the latest available version (at least 2.3.4)...
Popup box < 2.3.4 - Authenticated Blind SQL Injections
The getayspopupboxes and getpopupcategories functions of the plugin did not whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. PoC Exploit: All of them with same technique...
Popup box < 2.3.4 - Authenticated Blind SQL Injections
The getayspopupboxes and getpopupcategories functions of the plugin did not whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard. Exploit: All of them with same technique. SQLMAP:...
Security Bulletin: IBM DataQuant Fix for (All) Apache PDF Box (Publicly disclosed vulnerability)
Summary Advisory ADV00321067: CVE-2021-27807 and CVE-2021-27906 Vulnerability Details CVEID: CVE-2021-27807 DESCRIPTION: Apache PDFBox is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially-crafted .PDF file, a remote attacker could explo...
CVE-2021-21737
A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insufficient protection of system application, attackers could use this vulnerability to tamper with the system desktop and affect system customization functions. This affects: ZXV10 B860H V5.0,...
Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 3 Exploit Author: Nathaniel Singer, Joe Rozner Date: 09/11/2020 CVE: 2020-14871 Vulnerable Versions: Oracle Solaris: 9 some releases, 10 all releases, 11.0 Description: CVE-2020-14871 is a critical pre-authentication via SSH stack-based...
CVE-2020-19202
An authenticated Stored XSS (Cross-site Scripting) vulnerability exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 x86_64 - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the...
Updated jasper packages fix security vulnerabilities
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened (CVE-2021-3443). A NULL pointer dereference fl...