90 matches found
Schoolmate SQL Injection Vulnerability
Schoolmate is a PHP/MySQL solution for elementary, middle and high schools by mrmunkey22 Individual Developer. A security vulnerability exists in Schoolmate version 1.3, which stems from a SQL injection vulnerability in the variable $schoolname in the header.php database...
PT-2023-27712 · Unknown · Schoolmate
Name of the Vulnerable Software and Affected Versions: Schoolmate version 1.3 Description: The issue concerns SQL Injection in the schoolname variable from the Database, located at header.php. This allows for potential exploitation. Recommendations: For Schoolmate version 1.3, consider restrictin...
SUSE-SU-2023:2287-1 Security update for cups-filters, poppler, texlive
This update for cups-filters, poppler, texlive fixes the following issues: cups-filters: - CVE-2023-24805: Fixed a remote code execution in the beh backend bsc1211340. texlive: - CVE-2023-32700: Fixed arbitrary code execution in LuaTeX bsc1211389. poppler: - Added missing header file...
SUSE CVE-2007-2956
Stack-based buffer overflow in the readRadianceHeader function in 1 src/fileformat/rgbeio.cpp in pfstools 1.6.2 and 2 src/Fileformat/rgbeio.cpp in Qtpfsgui 1.8.11 allows remote attackers to execute arbitrary code via a crafted Radiance RGBE .hdr file...
SUSE CVE-2019-20378
ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter...
SUSE CVE-2020-28008
Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory owned by a non-root user, an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution...
SUSE CVE-2020-28026
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...
Vulnerability of the SNC_io parser function <EW>: read_facet(), incident_volume(). Component: Nef_S2/SNC_io parser.h library, algorithm library for computational geometry CGAL. This allows an intruder to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the SNCio parser function ::readfacet and fh-incidentvolume in the NefS2/SNCio parser component’s NefS2/SNCio parser.h file is related to unvalidated array indexing. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity...
CVE-2022-36647
PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parsesequenceheader at source/common/header.cc:269...
tifig 代码问题漏洞
tifig is a Monostream open source fast HEIF image converter for thumbnails. tifig v0.2.2 version of the code problem vulnerability , the vulnerability stems from its /bits/stlvector.h component in the std::vector ::size function has a memory segment exception...
rsyslog security update
8.24.0-57.0.4.el79.3 - Newer gcc complains about implicit declaration of prctl. Added header file to quiesce the compiler 8.24.0-57.3 - Address CVE-2022-24903, Heap-based overflow in TCP syslog server resolves: rhbz2081395...
The vulnerability of the `pool_installable` function in the `src/repo.h` file of the Libsolv library allows a hacker to trigger a service failure.
The vulnerability of the poolinstallable function in the src/repo.h file of the Libsolv library is related to writing beyond buffer boundaries. Exploiting this vulnerability allows a remote attacker to cause service failure...
UBUNTU-CVE-2021-33196
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count in an archive's header can cause a NewReader or OpenReader panic...
UBUNTU-CVE-2020-28026
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...
[SECURITY] Fedora 34 Update: CImg-2.9.7-1.fc34
The CImg Library is an open-source C++ toolkit for image processing. It consists in a single header file 'CImg.h' providing a minimal set of C++ classes and methods that can be used in your own sources, to load/save, process and display images. Very portable, efficient and easy to use, it's a...
[SECURITY] Fedora 32 Update: CImg-2.9.7-1.fc32
The CImg Library is an open-source C++ toolkit for image processing. It consists in a single header file 'CImg.h' providing a minimal set of C++ classes and methods that can be used in your own sources, to load/save, process and display images. Very portable, efficient and easy to use, it's a...
The vulnerabilities in the arch/s390/kvm/kvm-s390.c component, include/linux/kvm_host.h, and virt/kvm/kvm_main.c files of the Kernel-Based Virtual Machine (KVM) virtualization subsystem in Linux operating systems allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the arch/s390/kvm/kvm-s390.c component, include/linux/kvmhost.h, and virt/kvm/kvmmain.c file in the KVM virtualization subsystem of Linux operating systems is due to a buffer overflow issue. Exploiting this vulnerability could allow an attacker to compromise the...
libssh2 security update
1.8.0-4 - fix integer overflow in SSHMSGDISCONNECT logic CVE-2019-17498 1.8.0-3 - sanitize public header file detected by rpmdiff 1.8.0-2 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes CVE-2019-3863 - fix out-of-bounds memory comparison with specially...
Chadha PHPKB Cross-Site Scripting Vulnerability (CNVD-2020-17938)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A reflected cross-site scripting vulnerability exists in admin/optimize-database.php in Chadha PHPKB Standard Multi-Language 9. The...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Scripting Vulnerability (CNVD-2020-17957)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site scripting vulnerability exists in the way URIs are handled in the admin/header.php file in Chadha Software Technologies...