4310 matches found
CVE-2018-19970
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name...
phpMyAdmin -- multiple vulnerabilities
The phpMyAdmin development team reports: Summary Local file inclusion through transformation feature Description A flaw has been found where an attacker can exploit phpMyAdmin to leak the contents of a local file. The attacker must have access to the phpMyAdmin Configuration Storage tables,...
USN-3829-1: Git vulnerabilities
It was discovered that Git incorrectly handled layers of tree objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2017-15298 It was discovered that Git incorrectly handled certain inputs. An attacker...
CVE-2018-19352
The CVE-2018-19352 issue affects Jupyter Notebook prior to 5.7.2. The root cause is unsafe handling in the tree view, specifically crafted directory names (in notebook/static/tree/js/notebooklist.js) that allow cross‑site scripting. Impact per the sources: a remote attacker can execute JavaScript...
Microsoft Internet Explorer 11 - Null Pointer Dereference
Microsoft Internet Explorer 11 - Null Pointer Dereference Exloit Title: Microsoft Internet Explorer 11 - Null Pointer Difference Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-03 Vendor: Microsoft Corporation Product web page: https://www.microsoft.com Affected version: 11.345.17134...
Microsoft Internet Explorer 11 - Null Pointer Dereference Exploit
Exploit for windows platform in category local exploits Exloit Title: Microsoft Internet Explorer 11 - Null Pointer Difference Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-03 Vendor: Microsoft Corporation Product web page: https://www.microsoft.com Affected version: 11.345.17134.0...
Microsoft Internet Explorer 11 - Null Pointer Dereference
Exloit Title: Microsoft Internet Explorer 11 - Null Pointer Difference Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-03 Vendor: Microsoft Corporation Product web page: https://www.microsoft.com Affected version: 11.345.17134.0 Update Versions: 11.0.90 KB4462949 11.1387.15063.0 Upda...
Microsoft Internet Explorer 11 Tree::Notify_InvalidateDisplay Null Pointer Dereference
Summary Internet Explorer is a series of graphical web browsers developed by Microsoft and included in the Microsoft Windows line of operating systems, starting in 1995. It was first released as part of the add-on package Plus! for Windows 95 that year. Description The crash is caused due to a NU...
GHSA-GX96-VGF7-HWFG In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...
Debian: Security Advisory (DLA-1547-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache PDFBox parser denial of service vulnerability
Apache PDFBox is the United States Apache Apache Software Foundation of an open source, Java-based and provide the creation of new PDF documents, modify existing PDF documents and other features of the tool library. Apache PDFBox parser there is a denial-of-service vulnerability, attackers use...
Code injection
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...
UBUNTU-CVE-2018-11797
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...
DEBIAN-CVE-2018-11797
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...
CVE-2018-11797
CVE-2018-11797 affects Apache PDFBox 1.8.0–1.8.15 and 2.0.0-RC1–2.0.11, where parsing the PDF page tree can trigger an extremely long computation (denial of service). The issue is caused by the page-tree parsing logic; exploitation details are not provided in the documents. Connected sources conf...
Taxonomy File Tree - Moderately critical - Access bypass - SA-CONTRIB-2018-061
Taxonomy File Tree allows site managers to create file trees. For files managed as Drupal files, the module does not properly check that a user has access to a file before letting the user download the file. This vulnerability only affects sites that use private files...
Important: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
ASUSTOR ADM SQL Injection Vulnerability
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. photo gallery is one of the photo management applications. An SQL injection vulnerability exists in the 'albumid' and 'scope' parameters of the tree list function of the photo gallery application in ASUSTOR...
CVE-2018-11511
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the 'albumid' or 'scope' parameter via a photo-gallery/api/album/treelists/ URI...
CVE-2018-11511
The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the ‘albumid’ or ‘scope’ parameter via a photo-gallery/api/album/treelists/ URI. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...