107 matches found
CVE-2022-20883
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20888
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20900
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20885
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
GHSA-6C7R-6P5M-CP82 Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability...
CVE-2020-15225
django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated NumberFilter instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential...
Gitlab CE/EE Input Validation Error Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in Gitlab CE/EE version...
CVE-2019-20426
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlmcancelhpreqcheck, there is no lockcount bounds check...
Information disclosure
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
CVE-2019-16789
In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Specially crafted requests containing special...
Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM) (CVE-2014-9293, CVE-2014-9294, CVE-2014-9297, CVE-2014-9298)
Summary There are multiple vulnerabilities in ntp that is used by IBM Flex System Manager. Vulnerability Details Summary There are multiple vulnerabilities in ntp that is used by IBM Flex System Manager. Vulnerability Details: CVE-ID: CVE-2014-9293 Description: Network Time Protocol NTP Project N...
CVE-2018-17698
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
UBUNTU-CVE-2018-7325
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field...
CVE-2018-7325
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field...
Memory corruption
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a memory allocation without a length field validation in the mobicore driver which can result in an undersize buffer allocation. Ultimately this can result in a kernel memory...
OLX: Manipulating joinolx.com Job Vacancy alert subscription emails (HTML Injection / Script Injection)
Hello, Another report here. Description I found that www.joinolx.com has an option to do subscription for vacancy alert. So I took a look at that. I was able to include my HTML codes to manipulate emails sent to my address. The Name field in the subscription form doesn't validate the name to stri...
Design/Logic Flaw
The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node...
Well-known Forum systems MyBB is burst 0day vulnerabilities-vulnerability warning-the black bar safety net
MyBB is very good Free Forum software, the biggest feature is simple but the functionality is surprisingly powerful. Multi-language support, may be respectively provided at the front Desk the background of the language, each user can set their own use what kind of language to access the forums,...
ntp: vallen in extension fields are not validated
A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash...
WordPress Plugin church_admin 0.800 - Persistent Cross-Site Scripting
Exploit Title: Wordpress churchadmin Stored XSS Date: 21-04-2015 Exploit Author: woodspeed Vendor Homepage: https://wordpress.org/plugins/church-admin/ Version: 0.800 OSVDB ID : http://www.osvdb.org/show/osvdb/121304 WPVULNDB ID : https://wpvulndb.com/vulnerabilities/7999 Category: webapps 1...