Lucene search
66 matches found

Prion
added 2021/06/28 6:15 p.m. · 17 views

Race condition

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

5 CVSS · 5.5 AI score · 0.00614 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/06/28 6:15 p.m. · 0 views

UBUNTU-CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

5.3 CVSS · 5.8 AI score · 0.00614 EPSS
Exploits 0 · References 5
Cvelist
added 2021/06/28 5:38 p.m. · 10 views

CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

5.8 AI score · 0.00614 EPSS
Exploits 0 · References 4
Debian CVE
added 2021/06/28 5:38 p.m. · 21 views

CVE-2021-35525

PostSRSd before 1.11 allows a denial of service subprocess hang if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger...

5.3 CVSS · 5.2 AI score · 0.00614 EPSS
Exploits 0
CNNVD
added 2021/06/28 12:00 a.m. · 1 views

Roehling PostSRSd Security Vulnerability

Roehling PostSRSd is a C-based program by the individual developer Roehling that provides reverse SRS functionality for mail servers. PostSRSd suffers from a denial of service vulnerability that stems from a problem caused by Postfix sending certain long data fields, such as email addresses for...

5.3 CVSS · 5.7 AI score · 0.00614 EPSS
Exploits 0 · References 6
Positive Technologies
added 2021/06/12 12:00 a.m. · 4 views

PT-2021-21127 · Mediawiki +1 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 SocialProfile extension in MediaWiki versions through 1.36 Description: An XSS issue was discovered in the SocialProfile extension within MediaWiki. A privileged user with the awardmanage right could inject...

9.8 CVSS · 6.1 AI score · 0.034 EPSS
Exploits 18 · References 76
Positive Technologies
added 2021/06/12 12:00 a.m. · 2 views

PT-2021-21128 · Mediawiki +2 · Mediawiki +2

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: A cross-site scripting (XSS) issue was discovered in the SportsTeams extension. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields...

9.8 CVSS · 6.1 AI score · 0.034 EPSS
Exploits 18 · References 75
BDU FSTEC
added 2021/05/19 12:00 a.m. · 1 views

The vulnerability of the Cisco Wide Area Application Services Software (WAAS) program lies in its ability to disclose information in erroneous data fields, allowing an intruder to gain access to confidential data.

The vulnerability of the Cisco Wide Area Application Services Software (WAAS) package is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

5.5 CVSS · 5.9 AI score · 0.00046 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2021/05/10 8:15 p.m. · 8 views

CVE-2020-18102

Cross Site Scripting (XSS) in HotelsServer v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands into the data fields in the component "/controller/publishHotel.php"...

6.1 CVSS · 0.00567 EPSS
Exploits 1 · References 1
Prion
added 2021/05/10 8:15 p.m. · 13 views

Cross site scripting

Cross Site Scripting (XSS) in HotelsServer v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands into the data fields in the component "/controller/publishHotel.php"...

4.3 CVSS · 6.3 AI score · 0.00567 EPSS
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2021/02/16 12:00 a.m. · 3 views

Red Hat Keycloak Input Validation Error Vulnerability

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. Red Hat Keycloak has an input validation error vulnerability that arises from not properly encoding user-supplied data fields and using...

9.6 CVSS · 7.4 AI score · 0.00305 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2019/08/23 12:00 a.m. · 39 views

RHEL 7 / 8 : Ansible (RHSA-2019:2542)

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2542 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over S...

6.5 CVSS · 7.2 AI score · 0.00319 EPSS
Exploits 1 · References 8
Veracode
added 2018/03/13 5:12 a.m. · 8 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization for the data fields in the AutoCompleteRenderer class...

5.7 AI score
Exploits 0
Prion
added 2017/12/06 3:29 p.m. · 15 views

Null pointer dereference

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...

5 CVSS · 7.4 AI score · 0.03783 EPSS
Exploits 0 · References 7 · Affected Software 2
OSV
added 2017/12/06 3:29 p.m. · 18 views

CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...

7.5 CVSS · 7.5 AI score
Exploits 0 · References 7
0day.today
added 2017/03/09 12:00 a.m. · 20 views

Busewe 1.2 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Busewe - Website Marketplace Software v1.2 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/busewe Demo: http://demo.ncryptedprojects.com/busewe/...

7.1 AI score
Exploits 0
OSV
added 2016/07/03 1:59 a.m. · 1 views

DEBIAN-CVE-2016-5705

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error messa...

6.1 CVSS · 8.4 AI score · 0.00605 EPSS
Exploits 0 · References 1
NVD
added 2015/03/24 12:59 a.m. · 22 views

CVE-2015-0103

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields...

3.5 CVSS · 5.3 AI score · 0.00175 EPSS
Exploits 0 · References 2
Cvelist
added 2015/03/24 12:00 a.m. · 26 views

CVE-2015-0103

Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields...

5.3 AI score · 0.00175 EPSS
Exploits 0 · References 2
seebug.org
added 2014/07/01 12:00 a.m. · 17 views

ActFax 5.01 - RAW Server Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

7.1 AI score
Exploits 0