5655 matches found
Important: audiofile
Issue Overview: Buffer overflow in the afReadFrames function in audiofile aka libaudiofile and Audio File Library allows user-assisted remote attackers to cause a denial of service program crash or possibly execute arbitrary code via a crafted audio file, as demonstrated by...
The vulnerability of the wpo365 plugin of the WordPress content management system allows a hacker to execute XSS attacks.
The vulnerability of the wpo365 plugin of the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2023-46219, CVE-2023-46218 Vulnerability Details CVEID:CVE-2023-46219 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw...
ROS-20240711-02
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
...
Use-after-free vulnerability in lighttpd version 1.4.50 and earlier
Overview A use-after-free vulnerability in lighttpd in versions 1.4.50 and earlier permits a remote, unauthenticated attacker to trigger lighttpd to read from invalid pointers in memory. The attacker can use crafted HTTP Requests to crash the web server and/or leak memory in order to access...
CVE-2024-6373
A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The...
ROS-20240607-07
Vulnerability of system views pgstatsext, pgstatsextexprs of PostgreSQL DBMS is related to privilege management errors in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate privileges...
OpenSSL 0.9.7 < 0.9.7h Vulnerability
The version of OpenSSL installed on the remote host is prior to 0.9.7h. It is, therefore, affected by a vulnerability as referenced in the 0.9.7h advisory. - The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option,...
CVE-2024-5653
CVE-2024-5653 affects Chanjet Smooth T+system 3.5. The SQL injection vulnerability arises from insecure handling of the KeyID parameter in /tplus/UFAQD/keyEdit.aspx, enabling remote exploitation. Multiple sources corroborate the issue and indicate public exploitation may be possible. Remediation ...
RHEL 7 : openvswitch (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dpdk: librtevhost Integer truncation in vhostusercheckandallocqueuepair CVE-2020-10723 - openvswitch:...
CVE-2024-5099
CVE-2024-5099 concerns SourceCodester Simple Inventory System 1.0. The vulnerability resides in the file updateprice.php , where manipulating the argument ITEM results in an SQL injection. The issue is exploitable remotely, and public exploit information has been disclosed. Several connected sour...
PT-2024-11707 · Unknown · Lenderd 1003 Mortgage Application
Name of the Vulnerable Software and Affected Versions: Lenderd 1003 Mortgage Application versions 1.75 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, which allows Relative Path...
CVE-2024-4965
The CVE-2024-4965 issue is a remote OS command injection in D-Link DAR-7000-40 (V31R02B1413C) triggered by manipulating the load parameter in /useratte/resmanage.php. Affected product: D-Link DAR-7000-40 (and possibly DAR-7000/DAR-8000 per PT-2024-3650). Root cause: lack of input neutralization i...
ROS-20240514-16
The vulnerability of the file includes/specials/SpecialMovePage.php of the software tool for implementing the MediaWiki hypertext environment is related to incorrect resource clearing or freeing. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...
RHEL 6 : qt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - qt: QPluginLoader loads plugins relative to CWD which could result in arbitrary code execution...
RHEL 7 : mutt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mutt: buffer overflow via base64 data CVE-2018-14359 - An issue was discovered in Mutt before 1.10.1 and...
PT-2024-25734
Name of the Vulnerable Software and Affected Versions TinyWeb versions 1.94 and below Description The issue allows unauthenticated remote attackers to cause a denial of service, specifically a buffer overflow, when sending excessively large elements in the request line. Recommendations For TinyWe...
PT-2024-32239
Name of the Vulnerable Software and Affected Versions Campcodes Complete Web-Based School Management System version 1.0 Description A problematic issue has been found in the system, affecting the /view/exam timetable grade wise.php file. The exam argument is vulnerable to cross-site scripting...
CVE-2024-4500
SourceCodester Prison Management System 1.0 contains a vulnerability in the /Employee/edit-photo.php handler. The parameter userImage enables unrestricted file upload, which can be triggered remotely. The issue is explicitly described as allowing an unrestricted upload and has been publicly discl...