Lucene search
K

664 matches found

OSV
OSV
added 2019/07/05 1:15 a.m.2 views

UBUNTU-CVE-2019-13300

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns...

8.8CVSS7.1AI score0.03166EPSS
Exploits1References4
Prion
Prion
added 2019/07/05 1:15 a.m.24 views

Heap overflow

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns...

6.8CVSS9.1AI score0.03166EPSS
Exploits1References7Affected Software4
Cvelist
Cvelist
added 2019/07/05 12:52 a.m.17 views

CVE-2019-13300

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns...

9.3AI score0.03166EPSS
Exploits1References7
Debian CVE
Debian CVE
added 2019/07/05 12:52 a.m.35 views

CVE-2019-13300

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns...

8.8CVSS8.7AI score0.03166EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2019/07/05 12:52 a.m.30 views

CVE-2019-13300

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns...

8.8CVSS9.5AI score0.03166EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/03/27 12:0 a.m.27 views

openSUSE Security Update : python-Django (openSUSE-2019-614)

This update for python-Django to version 2.08 fixes the following issues : The following security vulnerability was fixed : - CVE-2018-14574: Fixed an redirection vulnerability in CommonMiddleware boo1102680 The following other bugs were fixed : - Fixed a regression in Django 2.0.7 that broke the...

6.1CVSS6.1AI score0.2549EPSS
Exploits0References2
OSV
OSV
added 2019/03/14 3:40 p.m.1 views

GHSA-2G9Q-CHQ2-W8QW Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service

Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen correctly on the table for...

4.3CVSS7.2AI score0.01431EPSS
Exploits3References4
CNVD
CNVD
added 2018/11/08 12:0 a.m.2 views

Ladder CMS Privilege Limit Bypass Vulnerability (CNVD-2019-09102)

Tianti tianti is a free lightweight CMS system written in Java , currently provides a total solution from the back-end management to the front-end display . A privilege restriction bypass vulnerability exists in Tianti 2.3, which can be exploited by a remote authenticated user to bypass the...

8.8CVSS8.7AI score0.01771EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.30 views

Debian DSA-4331-1 : curl - security update

Two vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2018-16839 Harry Sintonen discovered that, on systems with a 32 bit sizet, an integer overflow would be triggered when a SASL user name longer than 2GB is used. This would in turn cause a very small buffer to be allocated...

9.8CVSS7.2AI score0.0583EPSS
Exploits0References7
NVD
NVD
added 2018/10/24 9:29 p.m.18 views

CVE-2018-18476

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns...

9.8CVSS10AI score0.01789EPSS
Exploits1References2
Prion
Prion
added 2018/10/24 9:29 p.m.14 views

Sql injection

mysql-binuuid-rails 1.1.0 and earlier allows SQL Injection because it removes default string escaping for affected database columns...

7.5CVSS9.9AI score0.01789EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/10/18 1:0 p.m.131 views

CVE-2018-12381

Concretely, CVE-2018-12381 affects Mozilla Firefox ESR < 60.2 and Firefox

5.3CVSS5.1AI score0.01842EPSS
Exploits0References6Affected Software1
Packet Storm
Packet Storm
added 2018/10/03 12:0 a.m.29 views

Zechat 1.5 SQL Injection

Exploit Title: Zechat 1.5 - 'uname' SQL Injection Exploit Author: Ihsan Sencan Date: 2018-10-02 Dork: N/A Vendor Homepage: https://bylancer.com/ Software Link: https://bylancer.com/products/zechat-php-script/index.php Version: 1.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/07/11 12:0 a.m.5 views

Sencha Ext JS Cross-Site Scripting Vulnerability

Sencha Ext JS is a JavaScript-based application framework . The framework supports the use of Ajax, DHTML and DOM scripts to build interactive cross-platform Web applications . A cross-site scripting vulnerability exists in the getTip method of Action Columns in Sencha Ext JS versions 4 through 6...

6.1CVSS6AI score0.67014EPSS
Exploits1References1
NVD
NVD
added 2018/07/05 8:29 p.m.24 views

CVE-2018-8046

The getTip method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip method of Action Column...

6.1CVSS5.9AI score0.67014EPSS
Exploits1References2
Prion
Prion
added 2018/07/05 8:29 p.m.20 views

Cross site scripting

The getTip method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip method of Action Column...

4.3CVSS5.7AI score0.67014EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/07/05 8:0 p.m.137 views

CVE-2018-8046

The CVE-2018-8046 issue affects Sencha Ext JS 4–6 prior to 6.6.0. The getTip() method in Action Columns unescapes HTML-escaped data, enabling cross-site scripting if tooltips contain user-controlled content. Public information confirms vulnerability details and that a fix was released in 6.6.0 (w...

6.1CVSS5.8AI score0.67014EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2018/07/03 12:0 a.m.116 views

extjs getTip() Cross Site Scripting Vulnerability

Exploit for jsp platform in category web applications A XSS vulnerability exists in the getTip method of Action Columns. The Ext JS framework brings no built-in XSS protection, meaning that developers are responsible for sanitizing their output. However. the method above takes HTML-escaped data a...

6.4AI score0.67014EPSS
Exploits1
Exploit DB
Exploit DB
added 2018/05/29 12:0 a.m.46 views

Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection

Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...

9.8CVSS9.7AI score0.0328EPSS
Exploits5
Veracode
Veracode
added 2018/04/25 6:15 a.m.28 views

Cross-site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the Central Columns feature...

5.4CVSS5.6AI score0.01618EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder