
1238 matches found

CNVD
added 2019/06/14 12:0 a.m., 1 views

Artifex Software MuPDF Code Issue Vulnerability

Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. A code issue vulnerability exists in the 'fzloadjpeg' function in Artifex Software MuPDF version 1.14. The vulnerability stems from an improperly designed or implemented code development process for a networked...

9.8 CVSS, 7.6 AI score, 0.02271 EPSS
Exploits 0, References 1

CNVD
added 2019/05/24 12:0 a.m., 1 views

Schneider Electric VideoXpert OpsCenter Code Issue Vulnerability

Schneider Electric VideoXpert OpsCenter is a suite of enterprise surveillance video management platforms from Schneider Electric France. A code issue vulnerability exists in Schneider Electric VideoXpert OpsCenter. An attacker could exploit this vulnerability to conduct DLL hijacking...

7.8 CVSS, 7 AI score, 0.00237 EPSS
Exploits 0, References 1

CNVD
added 2019/05/22 12:0 a.m., 2 views

Intel Server Platform Services Code Issue Vulnerability

Intel Server Platform Services SPS is a server platform services program from Intel USA. A code issue vulnerability exists in Intel Server Platform Services. The vulnerability stems from an improperly designed or implemented code development process for a network system or product. An attacker...

6.7 CVSS, 7.1 AI score, 0.00056 EPSS
Exploits 0, References 1

CNVD
added 2019/05/04 12:0 a.m., 0 views

IBM TRIRIGA Application Platform Code Issue Vulnerability

The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...

7.1 CVSS, 6.5 AI score, 0.00377 EPSS
Exploits 0, References 1

CNVD
added 2019/04/22 12:0 a.m., 1 views

SAP HANA Code Issue Vulnerability

SAP HANA is a high-performance real-time data analytics platform from Germany's SAP. The platform provides data query functions that let users query and analyze real-time business data. SAP HANA has a code issue vulnerability that originates from an improperly designed or...

6 CVSS, 7 AI score, 0.00044 EPSS
Exploits 0, References 1

CNVD
added 2019/04/04 12:0 a.m., 2 views

Mozilla Thunderbird Code Issue Vulnerability

Mozilla Thunderbird is an e-mail client from the Mozilla Foundation (USA), independent of the Mozilla Application Suite. The software supports the IMAP and POP mail protocols as well as the HTML mail format. A code issue vulnerability exists in versions of Mozilla Thunderbird prior to 60....

9.8 CVSS, 8.7 AI score, 0.00419 EPSS
Exploits 0, References 1

Hacker One
added 2019/03/30 8:31 p.m., 47 views

Monero: Computing hash of crafted block leads to crash in tree_hash()

I'm not sure how to test this against an actual Monero instance, so I'm instead showing an isolated PoC: c include int mainvoid cryptonote::block b = AUTOVALINITb; for sizet i = 0; i baoss; std::string s; if ::serialization::serializeba, b == true s = oss.str; else return 0; / Uncomment t...

0.9 AI score
Exploits 0

CNVD
added 2019/03/27 12:0 a.m., 1 views

FastStone Image Viewer Code Issue Vulnerability

FastStone Image Viewer is a free image viewing, converting and editing tool. A code issue vulnerability exists in FastStone Image Viewer. An attacker could exploit this vulnerability via specially crafted image files to cause a denial of service...

5.5 CVSS, 7 AI score, 0.00165 EPSS
Exploits 1, References 1

Openbugbounty
added 2017/11/02 1:32 a.m., 11 views

kifc.com XSS vulnerability

Open Bug Bounty ID: OBB-385586

Description | Value
---|---
Affected Website: | kifc.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...

6.4 AI score
Exploits 0

OSV
added 2016/01/25 12:0 a.m., 0 views

UBUNTU-CVE-2016-2052

Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used in Google Chrome before 48.0.2564.82, allow attackers to cause a denial of service or possibly have other impact via crafted data, as demonstrated by a buffer over-read resulting from an inverted length check in hb-ot-font.cc,...

7.6 CVSS, 7.4 AI score, 0.00408 EPSS
Exploits 0, References 7

Positive Technologies
added 2015/07/14 12:0 a.m., 2 views

PT-2015-1639 · Cisco +1 · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software version 9.15.21

Description: The issue is related to the TLS implementation in the Cavium cryptographic-module firmware, which does not verify the MAC field. This allows man-in-the-middle attacke...

4.3 CVSS, 5.8 AI score, 0.00444 EPSS
Exploits 0, References 5

OSV
added 2015/04/23 9:14 p.m., 6 views

MGASA-2015-0165 Updated lftp packages fix CVE-2014-0139

Updated lftp packages fix security vulnerability: lftp incorrectly validates wildcard SSL certificates containing literal IP addresses, so under certain conditions, it would allow and use a wildcard match specified in the CN field, allowing a malicious server to participate in a MITM attack or ju...

5.8 CVSS, 6.4 AI score, 0.01626 EPSS
Exploits 0, References 4

seebug.org
added 2014/09/11 12:0 a.m., 15 views

espcms latest version: CSRF leads directly to getshell

Brief description: espcms latest version, CSRF leads directly to getshell. Detailed description: Here we first look at the problematic code. management.php:lines:711-741: function onsetsave $dbtable = dbprefix . 'config'; $commandfile = adminROOT . 'datacache/command.php'; if !$this-fun-filemode$commandfile exit'false'; $oldishtml = $this-CON'ishtml'; $sql = 'SELECT FROM '...

7 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

WordPress VideoWhisper Video Presentation plugin <= 1.1 - SQL Injection Vulnerability

No description provided by source.

Exploit Title: WordPress VideoWhisper Video Presentation plugin <= 1.1 SQL Injection Vulnerability
Date: 2011-09-02
Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm
Software Link:...

7.1 AI score
Exploits 0

Tenable Nessus
added 2014/05/19 12:0 a.m., 29 views

SuSE 11.3 Security Update : file (SAT Patch Number 9066)

The command line tool file(1) and its library libmagic have been updated to fix the following issues:

- file(1) crashed when parsing some PE executables. CVE-2014-2270, bnc866750
- file(1) did not set return code on non-existing files. bnc863450

%NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

4.3 CVSS, 8.2 AI score, 0.30772 EPSS
Exploits 1, References 4

RedHat Linux
added 2013/10/23 4:26 p.m., 3 views

OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

7.6 CVSS, 6.7 AI score, 0.10714 EPSS
Exploits 0, References 4

securityvulns
added 2005/01/25 12:0 a.m., 36 views

Multiple vulnerabilities in MercuryBoard 1.1.1

CODEBUG Labs Advisory 7
Title: Multiple vulnerabilities in MercuryBoard 1.1.1
Author: Alberto Trivero
English Version: Alberto Trivero
Product: MercuryBoard 1.1.1
Type: Multiple Vulnerabilities
Web: http://www.codebug.org/

-- Software
Page www.mercuryboard.com
"MercuryBoard is a powerful message...

Exploits 0

Cvelist
added 2002/08/31 4:0 a.m., 20 views

CVE-2001-1393

Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service hang...

5.4 AI score, 0.00071 EPSS
Exploits 0, References 10