20 matches found
CVE-2026-23601 Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise
A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...
EUVD-2021-9556
Malicious code in bioql PyPI...
DNN 安全漏洞
DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable, feature-rich and so on. DNN 10.1.0 before the version of a security vulnerability , the vulnerability stems from...
SUSE CVE-2016-10730
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...
HCL Notes 缓冲区错误漏洞
HCL Notes is a local email client from HCL India. HCL Notes has a security vulnerability that originates from a flaw in MIME message handling that could be exploited by an unauthenticated attacker to cause a stack buffer overflow. A remote attacker could be allowed to exploit the vulnerability to...
Valve: Malformed .WAV triggers an Access Violation on GoldSRC (hl.exe)
A malformed .WAV triggers an Access Violation on GoldSRC engine games Half-Life upon invocation, which could lead to remote code execution on a client. Crash Information ------------------ Event Type: Exception Exception Faulting Address: 0x2469a000 First Chance Exception Type:...
UBUNTU-CVE-2016-10730
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...
DEBIAN-CVE-2016-10730
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...
ISPConfig < 3.1.13 - Remote Command Execution
Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match the entire file. Since in the new versions ...
ISPConfig 3.1.13 - Remote Command Execution
ISPConfig 3.1.13 - Remote Command Execution Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match...
CoolMusicBox Upgrade Process Involves Arbitrary File Download Vulnerability
Coolmusic is a one-stop personalized music service platform that integrates music discovery, access and enjoyment. There is an arbitrary file download vulnerability in the update process of kwmusic, due to the use of insecure HTTP communication protocol to interact with the server, and did not...
VMware vRealize Business Advanced and Enterprise Cross-Site Scripting Vulnerability
VMware vRealize Business formerly known as IT Business Management Suite is a tool from VMware that can be used to visualize and control the cost of cloud computing environments and IT services. The tool provides cloud business management, IT financial management, and service quality management...
DreamPoll 3.1 Vulnerabilities
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
DreamPoll 3.1 SQL Injection / XSS
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
DreamPoll 3.1 Vulnerabilities
No description provided by source. During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a...
DreamPoll 3.1 - SQL Injection
During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be exploited to make unauthorized changes to a web site or compromise a client accessing a site that utilizes...
DEBIAN-CVE-2006-1629
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...
OpenSSH < 3.1 Channel Code Off by One Privilege Escalation
Binary data 1990.prm...
Дырки в Mac OS Runtime for Java
Некорректное исопльзование аттрибутов CODEBASE и ARCHIVE повзояет скомпрометировать клиента...
ssh-xauth.txt
The default SSH configuration for SSH1 and SSH2 allow for remote controlling of X sessions through X forwarding. All children of the SSH connection are able to tunnel X11 sessions through the X tunnel to the client X11 session. This is accomplished by running xauth upon logging in. If xauth is...