Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape a parameter before outputting it back in a page available to any user, both authenticated and unauthenticated, when a specific setting is enabled, leading to a Reflected Cross-Site Scripting. PoC: With the "Compatibility Mode"...
Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape a parameter before outputting it back in a page available to any user, both authenticated and unauthenticated, when a specific setting is enabled, leading to a Reflected Cross-Site Scripting. With the "Compatibility Mode"...
Denial Of Service (DoS)
FreeRDP is vulnerable to denial of service. A use-after-free in gdi_SelectObject causes clients using compatibility mode with /relax-order-checks to be vulnerable to an application crash...
CVE-2020-4031
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2...
DEBIAN-CVE-2020-4031
In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2...
CVE-2020-0674
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713,...
zsh: NULL dereference in cd in sh compatibility mode under given circumstances
A NULL pointer dereference flaw was found in the code responsible for the cd builtin command of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell...
Microsoft Internet Explorer 11 jscript!JsErrorToString Use-After-Free
Microsoft IE11: use-after-free in jscript!JsErrorToString CVE-2017-11810 There is a use-after-free in jscript.dll library that can be exploited in IE11. jscript.dll is an old JavaScript library that was used in IE 8 and back. However, IE11 can still load it if put into IE8 compatibility mode and ...
CVE-2017-11057
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flashdata from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address...
Design/Logic Flaw
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in compatibility mode, flashdata from 64-bit userspace may cause disclosure of kernel memory or a fault due to using a userspace-provided address...
Apple MacOS 32-Bit Syscall Exit Kernel Register Leak(CVE-2017-2509)
The XNU kernel, when compiled for an x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unix_syscall in bsd/dev/i386/systemcalls.c calls thread_exception_return in osfmk/x86_64/locore.s, which in turn...
Apple macOS - 32-bit syscall exit Kernel Register Leak Exploit
Exploit for macOS platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to...
Apple macOS - '32-bit syscall exit' Kernel Register Leak
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 The XNU kernel, when compiled for an x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unix_syscall in...
Published application with XP compatibility mode enabled may cause intermittent black background
Published application with XP compatibility mode enabled may cause intermittent black background...
SUSE SLED12 / SLES12 Security Update : ntp (SUSE-SU-2016:1247-1)
ntp was updated to version 4.2.8p6 to fix 28 security issues. Major functional changes : - The 'sntp' commandline tool changed its option handling in a major way, some options have been renamed or dropped. - 'controlkey 1' is added during update to ntp.conf to allow sntp to work. - The local cloc...
Shopify: xss in the all widgets of shopifyapps.com
I found XSS in all widgets.shopifyapps.com/ Google dork: site:widgets.shopifyapps.com The parameter "padding" is vulnerable, XSS payload - %0ax:expressionalert1%0a XSS does work in Internet Explorer browsers for IE10, IE11 in compatibility mode, for IE5, IE6, IE7 for IE8, IE9 JavaScript is disabled, t...
CVE-2015-1967
MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used...