GPAC code issue vulnerability (CNVD-2020-00525)
GPAC is an open source multimedia framework. A code issue vulnerability exists in the 'gfisomdump' function of the isomedia/boxdump.c file in GPAC versions 0.8.0 and 0.9.0-development-20191109. The vulnerability stems from an improperly designed or implemented code development process for a...
GPAC code issue vulnerability (CNVD-2020-00231)
GPAC is an open source multimedia framework. A code issue vulnerability exists in the 'gfisomboxdel' function of the isomedia/boxfuncs.c file in GPAC versions 0.8.0 and 0.9.0-development-20191109. The vulnerability stems from an improperly designed or implemented code development process for a...
Unspecified Vulnerability in Connect Box EuroDOCSIS 3.0 Voice Gateway
Connect Box EuroDOCSIS 3.0 Voice Gateway is a home voice gateway device. A security vulnerability exists in the administration interface of the Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH version, which originates from the program receiving a POST request on port 80...
CVE-2019-19967
The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI...
Default credentials
The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH devices accepts a cleartext password in a POST request on port 80, as demonstrated by the Password field to the xml/setter.xml URI...
CVE-2019-19967
The CVE-2019-19967 issue affects the Connect Box EuroDOCSIS 3.0 Voice Gateway CH7465LG-NCIP-6.12.18.25-2p6-NOSH, where the Administration page accepts a cleartext password in a POST to port 80 via xml/setter.xml. This enables potential exposure of credentials over the network (confidentiality imp...
Xiaomi Mi Box Display Corruption Exploit
The vulnerability allows rescaling and corrupting the display of the Xiaomi Mi Box (model: MIBOX3, build.id: MHC19) without any privilege requirement, thus creating an opportunity for an unprivileged malicious app to disable the basic functionalities that the TV box offers, or can even be used for...
Xiaomi Mi Box Memory Corruption Vulnerability
Xiaomi Mi Box is a Xiaomi set-top box application. Xiaomi Mi Box suffers from a memory corruption vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the currently logged in user, potentially resulting in a denial of service condition...
Xiaomi Mi Box Display Corruption
Hi, I would like to report a security vulnerability in Xiaomi Mi Box model: MIBOX3, build.id: MHC19. The vulnerability allows rescaling and corrupting the display without any privilege requirement, thus creating an opportunity for a non-privilege malicious app to disable the basic functionalitie...
UBUNTU-CVE-2019-5875
Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
A vulnerability in the mp4ff_read_mdhd function (common/mp4ff/mp4atom.c) in the Freeware Advanced Audio Decoder 2 (FAAD2) allows an attacker to trigger a denial of service.
The vulnerability in the mp4ff_read_mdhd function (common/mp4ff/mp4atom.c) in the Freeware Advanced Audio Decoder 2 (FAAD2) is caused by reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a denial of service using a specially crafted MP4 file...
WordPress plugmatter-optin-feature-box-lite plugin SQL injection vulnerability (CNVD-2019-41888)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. plugmatter-optin-feature-box-lite is a feature list plugin used in it. The WordPress plugmatter-optin-feature-box-lite plugin...
WordPress plugmatter-optin-feature-box-lite plugin SQL injection vulnerability (CNVD-2019-42838)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. plugmatter-optin-feature-box-lite is a feature list plugin used in it. A SQL injection vulnerability exists in the WordPress...
strong-on-health-box.cratejoy.com Open Redirect vulnerability
Open Bug Bounty ID: OBB-1015027. Security researcher 41PH4 (helped patch 18 vulnerabilities, received 1 Coordinated Disclosure badge), a holder of 1 badge for responsible and coordinated disclosure, found a security vulnerability affecting the strong-on-health-box.cratejoy.com website and its users...
CVE-2010-3674
TYPO3 before 4.4.1 allows XSS in the frontend search box...
CVE-2010-3674
TYPO3 (CMS/CMF) versions before 4.4.1 are affected by a cross-site scripting (XSS) vulnerability in the frontend search box. The issue arises from lack of proper validation of client-side data, enabling an attacker to inject scripts that run in a user’s browser. The available connected sources co...
TYPO3 cross-site scripting vulnerability (CNVD-2019-40295)
TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the back-end login box in TYPO3. The vulnerability stems from the lack of proper validation of client-side data by the web application, which...