5655 matches found
Cross site request forgery (csrf)
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow a remote attacker to obtain privileged information and conduct cross-site scripting XSS and cross-site request forgery CSRF attacks. For mor...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Canteen Management v1.0 - SQL Injection Vulnerability
Exploit Title: Canteen-Management v1.0 - SQL Injection Exploit Author: nu11secur1ty Vendor: https://www.mayurik.com/ Software: https://github.com/nu11secur1ty/CVE-nu11secur1ty/blob/main/vendors/mayurik/2022/Canteen-Management/Docs/youthappam.zip?raw=true Reference:...
CVE-2023-28725
General Bytes Crypto Application Server CAS 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : perl-Net-Server (SUSE-SU-2023:0746-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0746-1 advisory. - CVE-2013-1841: Fixed insufficient hostname access checking bsc808830. Tenable has extracted the precedi...
CVE-2016-15028
A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The...
Wordpress Plugin MMDeveloper A Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
The platform for automating work processes in VMware vRealize Orchestrator is vulnerable. The tools for managing virtual infrastructure in VMware vRealize Automation and the VMware Cloud Foundation virtualization platform are also vulnerable. This vulnerability stems from incorrect restrictions on XML references to external objects, allowing attackers to carry out XXE attacks.
The vulnerability of the VMware vRealize Orchestrator platform, which is used for automating work processes, as well as the VMware vRealize Automation tool for managing virtual infrastructure, and the VMware Cloud Foundation virtualization platform, is related to incorrect restrictions on XML...
K15742: Linux kernel vulnerabilities CVE-2014-6416, CVE-2014-6417, and CVE-2014-6418
Security Advisory Description CVE-2014-6416 Buffer overflow in net/ceph/authx.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service memory corruption and panic or possibly have unspecified other impact via a long unencrypted auth ticket...
K63104801: OpenVPN vulnerabilities CVE-2017-7508, CVE-2017-7520, CVE-2017-7521, and CVE-2017-7522
Security Advisory Description CVE-2017-7508 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service when receiving malformed IPv6 packet. CVE-2017-7520 OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service and/or possibly sensitive...
K6881: SSHv1 vulnerabilities CVE-2006-4924
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of F5...
K15604: Multiple rsync vulnerabilities
Security Advisory Description Following are descriptions of various rsync vulnerabilities: CVE-2006-2083 Integer overflow in the receivexattr function in the extended attributes patch xattr.c for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes th...
K13304944: NTP vulnerability CVE-2015-7974
Security Advisory Description NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." CVE-2015-7974 Impact...
K17452: OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883
Security Advisory Description CVE-2001-0361 Implementations of SSH version 1.5, including 1 OpenSSH up to version 2.3.0, 2 AppGate, and 3 ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS1 version...
K48802597: Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
Security Advisory Description CVE-2013-5825 Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect...
K15417: OpenSSL vulnerability CVE-2012-0050
Security Advisory Description Description OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service crash via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix f...
Cross site request forgery (csrf)
A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file editlist.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to...
CVE-2012-10008
A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and...
CVE-2023-0906
CVE-2023-0906 affects SourceCodester Online Pizza Ordering System 1.0. The vulnerable element is the function delete_category in the file ajax.php of the component POST Parameter Handler . The manipulation leads to missing authentication and a remote attack surface. Multiple sources classify the ...
SUSE CVE-2007-3474
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library libgd before 2.0.35 have unspecified impact and user-assisted remote attack vectors...