175 matches found
CVE-2023-44855
Cross Site Scripting XSS vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub219C4 function in the acuweb file...
CVE-2023-44856
Cross Site Scripting XSS vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub21D24 function in the acuweb file...
CVE-2023-44856
Cross Site Scripting XSS vulnerability in Cobham SAILOR VSAT Ku v.164B019, allows a remote attacker to execute arbitrary code via a crafted script to the rstat, sender, and recipients' parameters of the sub21D24 function in the acuweb file...
PT-2024-13204 · Cobham · Cobham Sailor Vsat Ku
Name of the Vulnerable Software and Affected Versions: Cobham SAILOR VSAT Ku version 164B019 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub 219C4 function in the acu web file. This is a Cros...
CVE-2023-44855
CVE-2023-44855 affects Cobham SAILOR VSAT Ku v.164B019. The vulnerability is a Cross Site Scripting (XSS) flaw in the acu_web file, exploitable via a crafted script in the rdiag, sender, and recipients parameters of the sub_219C4 function. This allows a remote attacker to execute arbitrary code i...
CVE-2023-44855
Cross Site Scripting XSS vulnerability in Cobham SAILOR VSAT Ku v.164B019 allows a remote attacker to execute arbitrary code via a crafted script to the rdiag, sender, and recipients parameters of the sub219C4 function in the acuweb file...
Mozilla: S/MIME signature accepted despite mismatching message date
The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...
Croc Security Breach
croc is a tool from the individual developers at Zack that allows any two computers to simply and securely transfer files and folders. A security vulnerability exists in Croc 9.6.5 and earlier versions that stems from allowing an attacker to send dangerous files to the recipient...
SourceCodester Vehicle Management Cross-Site Scripting Vulnerability
SourceCodester Vehicle Management is a vehicle management software from SourceCodester, Inc. A security vulnerability exists in SourceCodester Vehicle Management version 1.0 that stems from the susceptibility to cross-site scripting XSS attacks when adding accounts via invoice numbers, recipients...
Upgraded Q -> 2 from #882 [1683052821779]
Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: In function buy and sell if one royalty recipients reverts whole transaction will fail --- The text was updated successfully, but these errors were encountered: All reactions...
Thunderbird: Revocation status of S/Mime recipient certificates was not checked
The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...
SUSE CVE-2005-3351
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients "To" addresses, which triggers a bus error in Perl...
SUSE CVE-2009-4111
Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-402...
SUSE CVE-2014-5369
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network...
SUSE CVE-2020-28017
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receiveaddrecipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption...
PT-2023-19088 · Metabase · Metabase
Name of the Vulnerable Software and Affected Versions: Metabase versions prior to 0.43.7.1 Metabase versions prior to 1.43.7.1 Metabase versions prior to 0.44.6.1 Metabase versions prior to 1.44.6.1 Metabase versions prior to 0.45.2.1 Metabase versions prior to 1.45.2.1 Description: Metabase is a...
Sql injection
WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients...
WoWonder Social Network Platform SQL注入漏洞
WoWonder Social Network Platform is a PHP social networking script by WoWonder. It is used to create your own social networking website. A security vulnerability exists in WoWonder Social Network Platform version 4.1.4, which stems from an attacker being able to implement SQL injection via the...
_payoutEth() calculates balance with an offset, always leaving dust ETH in the contract
Lines of code Vulnerability details Payout recipients can call getEthPayout to transfer the ETH balance of the contract to all payout recipients. This function makes an internal call to payoutEth, which sends the payment to the recipients based on their associated bp The issue is that the balance...
_payoutEth() gas computation can make call revert even if balance is sufficient
Lines of code Vulnerability details Payout recipients can call getEthPayout to transfer the ETH balance of the contract to all payout recipients. This function makes an internal call to payoutEth, which computes the gasCost, then proceeds to check balance - gasCost 10000 before sending the result...