330 matches found
Denial Of Service (DoS)
libvpx.so is vulnerable to denial of service DoS. The vulnerability exists because of lack of proper validation of input parameters in mkvparser.cc, leading to a resource consumption and application crash...
Vanguard <= 2.1 - Multiple Cross-Site Scripting (XSS)
The plugin does not sanitise, validate or escape some of its parameters before outputting the back in various place, leading to either Stored or Reflected Cross-Site Scripting issues PoC Put the following payload in the In Products Search box: " POST /search HTTP/1.1 Accept:...
Design/Logic Flaw
A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...
GHSA-H595-8PW6-5Q6V Inadequate Encryption Strength in DotNetNuke
DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...
Inadequate Encryption Strength in DotNetNuke
DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...
CVE-2018-18325
DNN aka DotNetNuke 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811...
CVE-2018-18325
Summary: CVE-2018-18325 affects DNN (DotNetNuke) platforms running version 9.2 through 9.2.2. The issue is an inadequate encryption strength for input parameters, arising from an incomplete fix for CVE-2018-15811. The vulnerability is tied to the use of a weak encryption algorithm in protecting i...
CVE-2018-15811
DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters...
CVE-2018-15811
CVE-2018-15811 – DNN series (DotNetNuke) vulnerable to weak encryption . The provided sources confirm that DNN platforms running 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters (notably in cookies), representing a vulnerability in the protection of parameter data. Th...
CVE-2018-15811
DNN aka DotNetNuke 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
CVE-2018-16251
A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...
CVE-2018-16251
A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...
Design/Logic Flaw
A "search for user discovery" injection issue exists in Creatiwity wityCMS 0.6.2 via the "Utilisateur" menu. No input parameters are filtered, e.g., the /admin/user/users Nickname, email, firstname, lastname, and groupe parameters...
Directory traversal
Dell EMC Open Manage System Administrator OMSA versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient...
CVE-2019-3720 Directory Traversal Vulnerability
Dell EMC Open Manage System Administrator OMSA versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exploit this vulnerability to gain unauthorized access to the file system by exploiting insufficient...
CVE-2019-1677 Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability
A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerabilit...
CVE-2019-1677 Cisco Webex Meetings for Android Cross-Site Scripting Vulnerability
A vulnerability in Cisco Webex Meetings for Android could allow an unauthenticated, local attacker to perform a cross-site scripting attack against the application. The vulnerability is due to insufficient validation of the application input parameters. An attacker could exploit this vulnerabilit...
Cross-Site Scripting (XSS)
PrimeFaces Extensions is vulnerable to cross-site scripting XSS. The vulnerability is possible because it fails to validate the input parameters in the triStateManyCheckbox function...
kernel: MIDI driver race condition leads to a double-free
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc double free in sndrawmidiinputparams and sndrawmidioutputstatus which are part of sndrawmidiioctl handler in rawmidi.c file. A malicious local attacker could possibly use this f...
CVE-2017-17176
The hardware security module of Mate 9 and Mate 9 Pro Huawei smart phones with the versions earlier before MHA-AL00BC00B156, versions earlier before MHA-CL00BC00B156, versions earlier before MHA-DL00BC00B156, versions earlier before MHA-TL00BC00B156, versions earlier before LON-AL00BC00B156,...