173 matches found
PT-2025-11144
Name of the Vulnerable Software and Affected Versions: EdDSA-Java aka ed25519-java versions 0.3.0 and earlier Description: The implementation of EdDSA in EdDSA-Java exhibits signature malleability and does not satisfy the SUF-CMA property. This allows attackers to create new valid signatures...
CVE-2020-3526
A vulnerability in the Common Open Policy Service COPS engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Automattic: Permanent DoS with one click.
Summary: Hello Team, messages of a user who deletes their account leave DoS effects on another user. Platforms Affected: website/mobile app/service Steps To Reproduce & PoC: Before you start testing, create two accounts. [email protected] [email protected] Confirm e-mails to sen...
OTRS 6.0.x < 6.0.25, 7.0.x < 7.0.14 Message Vulnerability
OTRS is prone to a vulnerability where it is possible to send drafted messages as wrong agent. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2019-6840
A Format String: CWE-134 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to send a crafted messa...
Information disclosure
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...
CVE-2019-7941
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user...
CVE-2018-14990
CVE-2018-14990 affects multiple Android devices (Coolpad Defiant, ZTE ZMAX Pro, T-Mobile Revvl Plus) due to a pre-installed Rich Communication Services (RCS) app. The vulnerable components include a package named com.suntek.mway.rcs.app.service (with a TestReceiver broadcast receiver) and a refac...
SUSE-SU-2019:0249-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP bsc1123378. - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message...
vtisk.si XSS vulnerability
Open Bug Bounty ID: OBB-641462 Description| Value ---|--- Affected Website:| vtisk.si Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
The vulnerability of the RW-message structure in the Aerospike Database Server of the Oracle Database database management system allows a perpetrator to execute arbitrary code.
The vulnerability of the RW-message structure in the Aerospike Database Server of the Oracle Database database management system is related to unvalidated array indexing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code read from beyond the memory limit using a...
CVE-2017-5001
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more...
Code injection
SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors...
Ekahau Real-Time Location Tracking System weak encryption
It's possible to read and generate messages...
PBBoard CMS - Persistent Cross-Site Scripting
PBBoard CMS - Persistent Cross-Site Scripting Exploit Title : PBBoard CMS Stored xss vulnerability Author : Manish Kishan Tanwar Vendor : http://www.pbboard.info/ version affected: all Date : 7/12/2014 Discovered @ : INDISHELL Lab Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,jagrit...
CVE-2013-6933
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a 1 space or 2 tab character at the beginning of an...
Scientific Linux Security Update : ruby on SL5.x i386/x86_64 (20130108)
It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. CVE-2012-4522 It was found that...
CVE-2011-3775
PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xestion/varios/logs.inc.php and certain other files...
CVE-2011-3702
The vulnerability CVE-2011-3702 affects Ananta Gazelle 1.0. Affected software is Ananta Gazelle 1.0; exposure occurs via a direct request to a PHP file (e.g., modules/template.php) that reveals the installation path in an error message. This constitutes an information disclosure vulnerability, al...
Denial of service
Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.24.45, 8.0 before 8.04.44, 8.1 before 8.12.35, and 8.2 before 8.21.10, allows remote attackers to cause a denial of service page fault and device reload via a malformed DTLS message, aka Bug ID CSCtb64913...