Digium Asterisk Code Issue Vulnerability

Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR and so on. A code issue vulnerability exists in Digium Asterisk open source versions 15.x and 16.x, whic...

GitLab code issue vulnerability (CNVD-2019-30740)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A code issue vulnerability exists in GitLab Enterprise an...

Tableau Code Issues Vulnerabilities

Tableau is a very easy to get started with the data analysis software, just import data through a simple point and click, mouse drag and drop to generate reports. There is a code issue vulnerability in Tableau. The vulnerability arises from a design or implementation problem in the code developme...

Autodesk Design Review Code Issue Vulnerability

Autodesk Design Review ADR is a suite of AutoCAD drafting software assistance software from Autodesk. The software supports viewing, marking, measuring, printing and tracking changes to 2D and 3D design files. A code issue vulnerability exists in Autodesk Design Review. An attacker could exploit...

Debian: Security Advisory (DLA-1896-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

tourdekids.cz Cross Site Scripting vulnerability

Security Researcher metamorfosec Helped patch 1935 vulnerabilities Received 9 Coordinated Disclosure badges Received 31 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting tourdekids.cz website and its users. Following...

Apache Commons Beanutils Code Issue Vulnerability

Apache Commons Beanutils is the United States Apache Apache Software Foundation, a package that provides tools to manipulate JavaBean. A code issue vulnerability exists in Apache Commons Beanutils version 1.9.2, which can be exploited by an attacker to execute arbitrary code/commands...

Security Update for Microsoft SharePoint Foundation 2013 (KB4475565) farm-deployment

A security vulnerability exists in Microsoft SharePoint Foundation 2013 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

CVE-2019-14486

GnuCOBOL 2.2 has a buffer overflow in cbevaluateexpr in cobc/field.c via crafted COBOL source code...

CVE-2019-1010176

JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function litchartoutf8bytes jerry-core/lit/lit-char-helpers.c:377. The attack vector is: executing crafted...

FFmpeg Code Problem Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A code issue vulnerability exists in FFmpeg version 4.1.3. The vulnerability arises from a design or implementation issue during code development for a networked system or product. No detai...

leejofa.com Open Redirect vulnerability

Security Researcher geeknik Helped patch 8544 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting leejofa.com website and its users. Following coordinated a...

costatropical.es Cross Site Scripting vulnerability

Security Researcher Renzi Helped patch 6742 vulnerabilities Received 8 Coordinated Disclosure badges Received 36 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting costatropical.es website and its users. Following coordinate...

MiniFtp - parseconf_load_setting Buffer Overflow Exploit

Exploit for linux platform in category local exploits Exploit Title: MiniFtp parseconfloadsetting local-bufferoverflow 318 bytes Exploit Author: strider Vendor Homepage: https://github.com/skyqinsc/MiniFtp Software Link: https://github.com/skyqinsc/MiniFtp Tested on: Debian 9 Stretch i386/ Kali...

CVE-2019-9227

An issue was discovered in baigo CMS 2.1.1. There is a vulnerability that allows remote attackers to execute arbitrary code. A BGSITENAME parameter with malicious code can be written into the optbase.inc.php file...

U.S. Dept Of Defense: [https://███] Local File Inclusion via graph.php

Summary: There exists a Local File Inclusion vulnerability on https://████ due to a known vulnerability in the ZendTo library. This was fixed in Version 5.16-6 Beta, although ██████ is still running ZendTo 5.11. Impact This allows path traversal in a file name that is then returned to the user...

MGASA-2019-0043 Updated libssh packages fix security vulnerability

libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2MSGUSERAUTHSUCCESS message in place of the SSH2MSGUSERAUTHREQUEST message which the server would expect to initiate authentication, the attacker could successfully...

WordPress Plugin Audio Record 1.0 - Arbitrary File Upload

WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricte...

valentino.com XSS vulnerability

Open Bug Bounty ID: OBB-705930 Description| Value ---|--- Affected Website:| valentino.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2018-5877

CVE-2018-5877 describes a vulnerability in the device programmer target-side code for firehose used on Qualcomm Snapdragon platforms. The issue arises because a string may not be properly NULL terminated, potentially leading to an incorrect buffer size in Snapdragon Automotive, Mobile, and Wear d...