103 matches found
Firely/Incendi Spark 安全漏洞
Spark is a public domain FHIR server developed using C. A security vulnerability exists in versions prior to Firely/Incendi Spark 1.5.5-r4, which stems from the lack of a Content-Disposition header in some cases, which could result in carefully crafted files being delivered to the client to be...
CVE-2019-19381
Affected product: Abacus OAuth Login. Vulnerable component: oauth/oauth2/v1/saml/ handling. Root cause: reflected XSS triggered by error message in the login flow for version 2019_01_r4_20191021_0000 prior to R4. Impact: could allow execution of JavaScript in a user’s browser (client-side impact)...
OpenSSH: Integer overflow
Background OpenSSH is a complete SSH protocol implementation that includes SFTP client and server support. Description OpenSSH, when built with “xmss” USE flag enabled, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. NOTE: This USE flag is...
GLSA-201908-22 : Patch: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201908-22 Patch: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers referenced below for details. Impact : A local attacker could pass a specially crafted diff file t...
Rockwell Automation DeviceLink - micro to micro connector 1485D-A2F5-R4 Discrete I/O
Binary data 752722.prm...
Rockwell Automation DeviceLink - conductor to micro 1485D-A3C3-R4 Discrete I/O
Binary data 752717.prm...
Mitsubishi L6ADP-R4 Communications Adapter Detection
Binary data 751763.prm...
Rockwell Automation DeviceLink - mini to micro connector 1485D-A2M5-R4 Discrete I/O
Binary data 752711.prm...
Rockwell Automation DeviceLink - mini to micro connector 1485D-A3M5-R4 Discrete I/O
Binary data 752712.prm...
Mitsubishi RJ71C24-R4 Communications Adapter Detection
Binary data 752174.prm...
Rockwell Automation DeviceLink - mini to micro connector 1485D-A2M5-R4 Discrete I/O
Binary data 752710.prm...
Rockwell Automation DeviceLink - micro to micro connector 1485D-A1F5-R4 Discrete I/O
Binary data 752721.prm...
Cambium Networks cnPilot Backdoor Access Elevation of Privilege Vulnerability
Cambium Networks cnPilot is a cloud-enabled managed single-band router product from Cambium Networks, USA. A security vulnerability exists in Cambium Networks cnPilot using firmware version 4.3.2-R4 and earlier. An attacker can exploit the vulnerability by accessing the web shell using the...
Cambium cnPilot r200/r201 File Path Traversal
This module exploits a File Path Traversal vulnerability in Cambium cnPilot r200/r201 to read arbitrary files off the file system. Affected versions - 4.3.3-R4 and prior. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewor...
VDE: Privilege escalation
Background VDE is an ethernet compliant virtual network that can be spawned over a set of physical computer over the Internet. Description It was discovered that Gentoo’s default VDE installation suffered from a privilege escalation vulnerability in the init script. This script calls an unsafe...
Lua: Buffer overflow
Background Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Description A buffer overflow was discovered in the vararg functions in ldo....
Xen: Multiple vulnerabilities
Background Xen is a bare-metal hypervisor. Description Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact A local attacker could possibly execute arbitrary code with the privileges of the process, could gain privileges on t...
Android libstagefright - Integer Overflow Remote Code Execution
Exploit for Android platform in category remote exploits !/usr/bin/python2 import cherrypy import os import pwnlib.asm as asm import pwnlib.elf as elf import sys import struct with open'shellcode.bin', 'rb' as tmp: shellcode = tmp.read while lenshellcode % 4 != 0: shellcode += '\x00' heap groomin...
The vulnerability of the Gentoo Linux operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the tiff package up to version 3.8.2-r4 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Gentoo Linux operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in the qt package up to version 3.3.8-r4 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...