98 matches found
The vulnerability of D-Link DIR-823G router microprogramming software arises from the lack of measures taken to neutralize the special elements used in the operating system’s command set. This vulnerability allows a hacker to execute arbitrary operating system commands.
The vulnerability of the D-Link DIR-823G router’s microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands usin...
CVE-2022-3001
This vulnerability exists in Milesight Video Management Systems VMS, all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http request on the target...
CVE-2022-36035 Flux CLI Workload Injection
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration like Git repositories, and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allow...
USN-5272-1 hdf5 vulnerabilities
It was discovered that HDF5 incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...
PT-2022-20575 · Jquery +5 · Jquery Ui +5
Name of the Vulnerable Software and Affected Versions: jQuery UI versions prior to 1.13.2 Moodle versions prior to 3.11.17-alt1 Description: jQuery UI, a collection of user interface interactions, effects, widgets, and themes built on jQuery, is susceptible to a cross-site scripting XSS issue...
USN-5519-1 python2.7, python3.10, python3.4, python3.5, python3.6, python3.8, python3.9 vulnerability
It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code...
USN-5159-1 node-bl vulnerability
It was discovered that bl incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service...
USN-4754-5 python2.7 vulnerability
USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177 in Ubuntu 14.04 ESM. Original advisory details: It was discovered that Python incorrectly handled certain inputs. A...
The vulnerability of NETGEAR Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from insufficient cleaning of input data, allowing attackers to execute arbitrary commands.
The vulnerability of NETGEAR Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, is related to insufficient cleaning of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
USN-4476-1 nss vulnerability
It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information...
MGASA-2019-0246 Updated monit packages fix security vulnerabilities
Updated monit package fixes security vulnerabilities: Zack Flack discovered that Monit incorrectly handled certain input. A remote authenticated user could exploit this to conduct cross-site scripting XSS attacks CVE-2019-11454. Zack Flack discovered a buffer overread when Monit decoded certain...
[Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass
Title: Invision Power Board = 2.3.5 Multiple Vulnerabilities and Security Bypass Vendor: http://www.invisionpower.com/community/board/ Advisory: http://acid-root.new.fr/?0:18 Author: DarkFig gmdarkfig at gmail dot com Released on: 2008/08/29 Changelog: 2008/08/29 Summary: Introduction Blind SQL...
Debian DSA-144-1 : wwwoffle - improper input handling
A problem with wwwoffle has been discovered. The web proxy didn't handle input data with negative Content-Length settings properly which causes the processing child to crash. It is at this time not obvious how this can lead to an exploitable vulnerability; however, it's better to be safe than...
DansGuardian 2.2.x - Denied URL Cross-Site Scripting
DansGuardian 2.2.x - Denied URL Cross-Site Scripting source: https://www.securityfocus.com/bid/8876/info A problem has been reported in the handling of some types of input to DansGuardian. This problem may permit an attacker to launch cross-site scripting attacks...
Tutos 1.1 - 'File_Select.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/8011/info It has been reported that Tutos does not properly handle input to the fileselect script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges of the vulnerable site...
Tutos 1.1 - File_New Arbitrary File Upload
source: https://www.securityfocus.com/bid/8012/info It has been reported that Tutos does not properly handle input to the filenew script. Because of this, an attacker may be able to upload arbitrary files to a vulnerable site. We can upload via...
Xynph FTP Server 1.0 - Directory Traversal
source: https://www.securityfocus.com/bid/6587/info A problem with the handling of input has been reported in Xynph FTP Server. Under some circumstances, it may be possible for a remote user to escape the FTP root directory using relative path notation. This could allow unauthorized access to...
[SECURITY] [DSA 144-1] New wwwoffle packages fix security related problems
-------------------------------------------------------------------------- Debian Security Advisory DSA 144-1 [email protected] http://www.debian.org/security/ Martin Schulze August 6th, 2002 - -------------------------------------------------------------------------- Package : wwwoffle...