UBUNTU-CVE-2017-11464
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero...
Shenzhen Cloud Box Technology Co., Ltd. cloud platform s2-045 command execution vulnerability
Cloudbox is a private cloud storage platform for enterprise document aggregation, distribution monitoring and collaboration based on mobile networks. The Shenzhen Cloud Box Technology Co., Ltd. cloud platform uses Apache as its framework, and the framework has the s2-045 command execution vulnerability...
losangelesboxoffice.com XSS vulnerability
Vulnerable URL: https://www.losangelesboxoffice.com/tickets.php?/BET-Experience-feat.-Bryson-Tiller,-Jhene-Aiko,-Keyshia-Cole/Staples-Center-CA/=1"...
CVE-2016-10042
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star aka Swisscom Internet-Box devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure...
CVE-2016-10042
The Arcadyan SLT-00 Star* (Swisscom Internet-Box) Web UI contains an authorization bypass (CVE-2016-10042) that allows unauthenticated HTTP requests to reconfigure the static routing table, enabling denial of service and information disclosure. Affected: Arcadyan SLT-00 Star* devices prior to R7....
Swisscom Internet-Box Authentication Bypass Vulnerability
Swisscom Internet-Box is a router from Arcadyan. An authentication bypass vulnerability exists in the web interface of the Arcadyan SLT-00 Star also known as Swisscom Internet-Box, which can be exploited by an attacker to cause a denial of service and information disclosure through unauthorized...
XSS Vulnerability in NETGEAR FS726Tv2 NETGEAR Backend
The FS726T is a classic smart switch from Netgear. An XSS vulnerability exists in the NETGEAR FS726Tv2 NETGEAR backend. An attacker can exploit the vulnerability to pop up a message in the login box for modification...
SDCMS Search Box SQL Injection Vulnerability
SDCMS is a PHP 3-in-1 website management system independently developed by Fireworks Network. An SQL injection vulnerability exists in the SDCMS search box. The vulnerability stems from failure to filter user input. An attacker can exploit this vulnerability to obtain sensitive information from t...
box-designs.com XSS vulnerability
Open Bug Bounty ID: OBB-250232

Description | Value
---|---
Affected Website: | box-designs.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Wireshark 'epan/dissectors/file-mp4.c' Denial of Service Vulnerability
Wireshark (formerly known as Ethereal) is a network packet analyzer developed by the Wireshark team. The software intercepts network packets and displays detailed data for analysis. A denial of service vulnerability exists in the 'dissect_mp4_box' function in the...
CVE-2017-9616
In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c...
CVE-2017-0199: in-depth analysis of the Microsoft Office RTF vulnerability-vulnerability warning-the black bar safety net
0x00 Preface Recently, researchers also found a number of samples exploiting the CVE-2017-0199 vulnerability. Although Microsoft released a patch for the vulnerability in April of this year, it is relatively simple to exploit and its usage worldwide is still very high, so here we share some of the...
CVE-2017-0199: in-depth analysis of the Microsoft Office RTF vulnerability-vulnerability warning-the black bar safety net
Recently, researchers also found a number of samples exploiting the CVE-2017-0199 vulnerability. Although Microsoft released a patch for the vulnerability in April of this year, it is relatively simple to exploit and its usage worldwide is still very high, so here we share some of the phishing...
Reflective Cross-site Scripting Vulnerability in ESPCMS Enterprise Web Management System V6.7.17.04.05
ESPCMS is an enterprise website management system built on LAMP. A reflective cross-site scripting vulnerability exists in the search box of the ESPCMS enterprise website management system. The vulnerability allows attackers to...
box-designs.com XSS vulnerability
Open Bug Bounty ID: OBB-245064

Description | Value
---|---
Affected Website: | box-designs.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
dealers.antiquesnavigator.com XSS vulnerability
Open Bug Bounty ID: OBB-243272

Description | Value
---|---
Affected Website: | dealers.antiquesnavigator.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS...
Cuvva: Reflected XSS on Branch domain
Date: 22nd May 2017 Browser: Firefox 50 Parameter: branchflowid Authenticated: No Details: Arbitrary JavaScript can be injected in the home search bar. The search parameter called sort is vulnerable. POC:...
Command Execution Vulnerability in Apple CMS wd Parameter
Apple CMS is a fast website building system that runs in a PHP+MySQL environment. A command execution vulnerability exists in the wd parameter of the search box of Apple CMS. The vulnerability stems from the failure of the wd parameter to adequately filter user-supplied input, which allows ...
OpenText Tempo Box Cross-Site Scripting Vulnerability
OpenText Tempo Box is an enterprise-class file management solution from OpenText Canada. The solution supports file sharing between PCs and mobile devices. A cross-site scripting vulnerability exists in OpenText Tempo Box 10.0.3. A remote attacker can exploit this vulnerability to persistently...