38 matches found
UBUNTU-CVE-2022-31151
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or...
CVE-2022-24198
iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service DoS via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable...
PT-2021-4604 · Cisco · Cisco Asa +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the software-based SSL/TLS message handler could allow an unauthenticated, remote attacke...
IBM Tivoli Storage Manager Operations Center 缓冲区错误漏洞
A buffer overflow vulnerability exists in IBM Tivoli Storage Manager Operations Center, a next-generation simplified backup management solution from IBM USA, which can be exploited in The vulnerability can be exploited in "interactive" mode and cannot be exploited in batch or command line use due...
DEBIAN-CVE-2019-25039
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...
DEBIAN-CVE-2019-25040
Unbound before 1.9.5 allows an infinite loop via a compressed name in dnamepktcopy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited...
CVE-2020-25786
webinc/js/info.php on D-Link DIR-816L 2.06.B09BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding except in Internet...
CVE-2015-1850
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none...
CVE-2015-1850
CVE-2015-1850 entry is rejected and not an active vulnerability; do not use this candidate number.
DLL hijacking and the Opera browser
Security DLL hijacking and the Opera browser Share March 10th, 2017 Recently, a collection of documents was released online, which was claimed to have originated with a major World power. The documents listed hacking vectors that could be used to inject code into major operating systems and...
openSUSE Security Update : kernel (openSUSE-SU-2011:0004-1)
The openSUSE 11.3 kernel was updated to fix various bugs and security issues. Following security issues have been fixed: CVE-2010-4347: A local user could inject ACPI code into the kernel via the world-writable 'customdebug' file, allowing local privilege escalation. CVE-2010-4258: A local attack...
FlashComs Chat 6.5 - Arbitrary File Upload
"@".$options'f'."","fileId" = $options"f"; $result = curlexec$handle; ifstrpos$result,"UPLOADSUCCESS" echo "\n\n"; echo "\t+ Exploitation success!!\n"; echo "\t...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in tblgisvisualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the 1 visualizationSettingswidth or 2 visualizationSettingsheight parameter. NOTE: a third party reports that this ...
MS12-042: Vulnerabilities in Windows Kernel could allow elevation of privilege: June 12, 2012
Resolves vulnerabilities in Microsoft Windows that could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that exploits the vulnerability. An attacker must have valid logon credentials and be able to log on locally to exploit this...
CVE-2007-2056
Rejected reason: The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files aka "time-of-check-time-of-use file race". NOTE: the researcher has retracted the original advisory, stating that "th...
Specially crafted Java applets can crash Opera – Opera Security Advisories
Specially crafted Java applets can crash Opera – Opera Security Advisories OPCOM Team | November 23, 2005 Summary A specially crafted Java applet can cause Opera to crash. Severity: Not exploitable Problem description Java code using LiveConnect methods to remove a property of aJavaScript object...
CVE-2003-0790
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a "head-reading" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, th...
CVE-2003-0790
This CVE entry is rejected/not used and does not represent an active vulnerability.