140 matches found

Positive Technologies
added 2022/04/14 12:0 a.m. · 1 views

PT-2022-9211 · Anycubic · Anycubic Chitubox Anycubic Plugin

Name of the Vulnerable Software and Affected Versions: AnyCubic Chitubox AnyCubic Plugin version 1.0.0 Description: A heap-based buffer overflow issue exists in the readDatHeadVec functionality. This can be triggered by a specially-crafted GF file, leading to a heap buffer overflow. An attacker c...

7.8 CVSS · 7.7 AI score · 0.00213 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/01/10 12:0 a.m. · 1 views

PT-2022-10512 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: A heap-based buffer overflow issue exists in MP4Box via the gp_rtp_builder_do_mpeg12_video function, allowing attackers to have unspecified impact through a crafted file in the MP4Box command. Recommendations:...

9.8 CVSS · 7.9 AI score · 0.01461 EPSS
Exploits 98 · References 240
NVD
added 2021/11/02 6:15 p.m. · 12 views

CVE-2021-41232

Thunderdome is an open source agile planning poker tool in the theme of Battling for points. In affected versions there is an LDAP injection vulnerability which affects instances with LDAP authentication enabled. The provided username is not properly escaped. This issue has been patched in versio...

9.8 CVSS · 0.00492 EPSS
Exploits 0 · References 3
Positive Technologies
added 2021/08/12 12:0 a.m. · 4 views

PT-2021-21805 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.6.0 Description: The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker c...

9.3 CVSS · 5.6 AI score · 0.01023 EPSS
Exploits 5 · References 91
Positive Technologies
added 2021/08/10 12:0 a.m. · 3 views

PT-2021-7814 · Xmill · Xmill

Name of the Vulnerable Software and Affected Versions: Xmill version 0.7 Description: A memory corruption issue exists in the XML-parsing CreateLabelOrAttrib functionality. This can be triggered by a specially crafted XML file, leading to a heap buffer overflow. An attacker can exploit this by...

10 CVSS · 8.6 AI score · 0.00593 EPSS
Exploits 1 · References 10
Positive Technologies
added 2021/04/28 12:0 a.m. · 1 views

PT-2021-3132

Name of the Vulnerable Software and Affected Versions: BIND versions 9.5.0 through 9.11.29; BIND versions 9.12.0 through 9.16.13; BIND Supported Preview Edition versions 9.11.3-S1 through 9.11.29-S1; BIND Supported Preview Edition versions 9.16.8-S1 through 9.16.13-S1; BIND 9.17 development branch...

9.8 CVSS · 8.2 AI score · 0.92629 EPSS
Exploits 13 · References 119
Positive Technologies
added 2021/03/24 12:0 a.m. · 1 views

PT-2021-14891 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 12.2 Description: A vulnerability was discovered in GitLab that made it susceptible to a Server-Side Request Forgery (SSRF) attack. The attack was possible through the Outbound Requests feature. Recommendations: For...

5.5 CVSS · 5.1 AI score · 0.0031 EPSS
Exploits 0 · References 11
Positive Technologies
added 2021/02/09 12:0 a.m. · 2 views

PT-2021-17175 · Discord · Probot

Name of the Vulnerable Software and Affected Versions: ProBot bot through 2021-02-08 for Discord Description: The issue allows attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature, or possibly have unspecified other impact, because the...

9.8 CVSS · 7.9 AI score · 0.00782 EPSS
Exploits 2 · References 6
Positive Technologies
added 2021/02/09 12:0 a.m. · 1 views

PT-2021-2328 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier; Magento versions 2.4.0-p1 and earlier; Magento versions 2.3.6 and earlier Description: The issue is related to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation...

8.1 CVSS · 7.5 AI score · 0.06281 EPSS
Exploits 0 · References 8
Positive Technologies
added 2021/01/30 12:0 a.m. · 2 views

PT-2021-9640 · Phpgacl · Phpgacl

Name of the Vulnerable Software and Affected Versions: phpGACL version 3.3.7 Description: The issue allows for SQL injection through a specially crafted HTTP request. In the file admin/edit_group.php, when the POST parameter action is set to “Delete”, the POST parameter delete_group can lead to a...

8.8 CVSS · 8.8 AI score · 0.00063 EPSS
Exploits 1 · References 9
Positive Technologies
added 2021/01/22 12:0 a.m. · 1 views

PT-2021-13844 · Privoxy +3 · Privoxy +3

Name of the Vulnerable Software and Affected Versions: Privoxy versions prior to 3.0.29 Description: A flaw was found that could result in a crash if accept-intercepted-requests was enabled. This occurs when Privoxy fails to get the request destination from the Host header and a memory allocation...

7.8 CVSS · 7.6 AI score · 0.02806 EPSS
Exploits 0 · References 55
Positive Technologies
added 2020/09/24 12:0 a.m. · 2 views

PT-2020-4164 · Cisco · Cisco Ios Xe Wireless Controller +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family affected versions not specified Description: A vulnerability in the WLAN Local Profiling feature could allow an unauthenticated, adjacent attacker to cause a denial ...

7.4 CVSS · 6.7 AI score · 0.00084 EPSS
Exploits 0 · References 5
Positive Technologies
added 2018/12/25 12:0 a.m. · 2 views

PT-2018-15376 · Febs · Febs-Shiro

Name of the Vulnerable Software and Affected Versions: FEBS-Shiro versions prior to 2018-11-05 Description: An issue was discovered in the fileDownload function in the CommonController class. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false...

7.5 CVSS · 7.6 AI score · 0.00502 EPSS
Exploits 1 · References 4
OpenVAS
added 2015/11/25 12:0 a.m. · 26 views

Cisco ASA DHCPv6 Relay DoS Vulnerability (cisco-sa-20150115-asa-dhcp)

A vulnerability in the DHCPv6 relay feature of Cisco ASA may lead to a denial of service. Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Th...

5.7 CVSS · 6.4 AI score · 0.00596 EPSS
Exploits 0 · References 2
OpenVAS
added 2012/07/23 12:0 a.m. · 26 views

Eaton Network Shutdown Module Arbitrary PHP Code Execution Vulnerability

Eaton Network Shutdown Module is prone to a remote PHP code-execution vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

7.4 AI score
Exploits 0 · References 1
CERT
added 2012/04/02 12:0 a.m. · 11 views

TP-Link 8840T DSL router default remote management vulnerability

Overview: The TP-Link 8840T DSL router's remote management feature is enabled by default. Description: The TP-Link 8840T DSL router allows remote WAN internet users access to the administrator web interface of the device by default. Impact: A remote unauthenticated attacker may be able to access...

7.1 AI score
Exploits 0
Tenable Nessus
added 2009/01/15 12:0 a.m. · 608 views

DNS Server hostname.bind Map Hostname Disclosure

It is possible to learn the remote host name by querying the remote DNS server for 'hostname.bind' in the CHAOS domain. (C) Tenable Network Security, Inc. include"compat.inc"; if description scriptid35371; scriptversion"$Revision: 1.11 $"; scriptcvsdate"$Date: 2011/09/14 15:27:29 $";...

5.5 AI score
Exploits 0
securityvulns
added 2008/07/05 12:0 a.m. · 45 views

Unauthorized reading confirmation from Outlook

I've just got an interesting idea about how a malicious e-mail sender could try to get an unseen by the recipient reading confirmation, including the IP address of the recipient. I was working on S/MIME messages and I thought about the signature validation process, where some of the steps could...

6.4 AI score
Exploits 0
securityvulns
added 2005/09/21 12:0 a.m. · 28 views

phpBB 2.0.17 remote avatar size bug

Title: phpBB remote avatar size bug Software: phpBB 2.0.17 and maybe prior versions Discovered by: David Sopas Ferreira david at systemsecure dot org Original link: http://www.systemsecure.org/ssforum/viewtopic.php?t=272 » Email from phpBB « Your report "Avatar size" has been closed because your...

0.1 AI score
Exploits 0
Tenable Nessus
added 2001/05/26 12:0 a.m. · 237 views

Check Point FireWall-1 Telnet Client Authentication Detection

The Check Point FireWall-1 Client Authentication server is used to authenticate a user via telnet. Once authenticated, the user can get more privileges on the network (i.e., get access to hosts that were previously blocked by the firewall). (C) Tenable Network Security, Inc. include"compat.inc";...

5.5 AI score
Exploits 0