68 matches found
Parks Fiberlink 操作系统命令注入漏洞
Parks Fiberlink is a high-performance OLT from Parks designed to deliver ultra-broadband services to large numbers of subscribers in a fast and cost-effective manner. A security vulnerability exists in Parks Fiberlink version 210 2.1.14X000, which stems from a problem with the...
SUSE CVE-2003-0468
Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate...
SUSE CVE-2021-27927
In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.0alpha1 before 5.4.0beta2, the CControllerAuthenticationUpdate controller lacks a CSRF protection mechanism. The code inside this controller calls diableSIDValidation inside the init method. An...
wkhtmltopdf 代码问题漏洞
wkhtmltopdf is wkhtmltopdf open source a library . Used to convert HTML to PDF. A code issue vulnerability exists in wkhtmltopdf version 0.12.6, which stems from the fact that it allows an attacker to gain initial access to a target system by injecting an iframe tag with the IP address of the...
UBUNTU-CVE-2018-25022
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address when knowing only their Tox Id by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion...
Mozilla: URL leakage when navigating while executing asynchronous function
The Mozilla Foundation Security Advisory describes this flaw as: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL...
Mozilla: URL leakage when navigating while executing asynchronous function
The Mozilla Foundation Security Advisory describes this flaw as: Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL...
UBUNTU-CVE-2021-43536
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...
Mozilla Firefox ESR 信息泄露漏洞
Mozilla Firefox ESR is an extended support version of the Mozilla Foundation's Firefox Web browser. Mozilla Firefox ESR suffers from an information disclosure vulnerability that stems from the fact that in some cases, an asynchronous function may cause a navigation failure that exposes the target...
CVE-2020-19769
A lack of target address verification in the BurnMe function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script...
CVE-2020-19768
A lack of target address verification in the selfdestructs function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script...
CVE-2020-19769
A lack of target address verification in the BurnMe function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script...
CVE-2020-19767
A lack of target address verification in the destroycontract function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script...
Code injection
A lack of target address verification in the selfdestructs function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script...
Design/Logic Flaw
A lack of target address verification in the BurnMe function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script...
Code injection
A lack of target address verification in the destroycontract function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script...
CVE-2020-19767
CVE-2020-19767 affects 0xRACER v1.0: a lack of target address verification in the destroycontract() function enables an attacker to steal tokens from victim users via a crafted script. Root cause: input/target address validation gap in destroycontract(). Documents do not provide a confirmed fix o...
CVE-2020-19769
CVE-2020-19769 : A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. Affected software: Rob The Bank 1.0 (BurnMe() function). Root cause: missing target address verification. Impact: token thef...
CVE-2017-17860
In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone...
unsorted bin attack analysis-vulnerability warning-the black bar safety net
One, Foreword This is before that article overflow using the FILE structure of the follow-up article, mentioned earlier is for the Shanghai network security contest pwn450 of technology to write articles, a total of two techniques, one is the overflow using the FILE structure of the body, one is...