332 matches found
Unspecified Cross-Site Scripting Vulnerability in TYPO3 HTML5 Video Player Extension
TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. An unspecified cross-site scripting vulnerability exists in TYPO3 HTML5 Video Player Extension. Because the program fails to properly filter user-supplied input, an attacker could exploit the...
VLC Media Player Buffer Overflow Vulnerability (CNVD-2016-08641)
VLC media player is a well-known multimedia player that can play video and audio in many formats. A buffer overflow vulnerability exists in VLC media player, which can be exploited by an attacker to cause a denial of service and execute arbitrary code because the program fails to adequately...
SAP TREX Directory Traversal Vulnerability
SAP TREX is a search engine from SAP for the SAP NetWeaver integrated technology platform. A directory traversal vulnerability exists in SAP TREX because the program fails to adequately filter user-submitted input. An attacker could leverage the directory traversal character '...' The vulnerabili...
Joomla! SecurityCheck and SecurityCheck Pro SQL Injection Vulnerability
Joomla! is a U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other features . SecurityCheck and SecurityCheck Pro are among the network security extension components. A SQL injection vulnerability exists in...
markdown-it and NodeBB HTML Injection Vulnerabilities
markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...
Merethis Centreon 'getStats.php' Remote Command Execution Vulnerability
Merethis Centreon is an open source IT monitoring software from Merethis France that needs to be paired with Nagios to manage Nagios via the web web and to enable monitoring of networks, operating systems and applications via third-party components. A remote command execution vulnerability exists...
ManageEngine Applications Manager CommonAPIUtil getAdminMG Remote Code Execution Vulnerability
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. A remote code execution...
IBM Tivoli Storage Manager stack buffer overflow vulnerability (CNVD-2015-02431)
IBM Tivoli Storage Manager TSM is a backup and recovery management solution from IBM in the United States. A stack buffer overflow vulnerability exists in IBM Tivoli Storage Manager. Due to the application failing to properly filter user-supplied input. Allowing an attacker to exploit the...
Nodesforum Remote File Inclusion Vulnerability
Nodesforum is a free PHP forum script. A remote file inclusion vulnerability exists in Nodesforum that stems from the program failing to adequately filter user-submitted input. An attacker could use this vulnerability to compromise the application and computer...
Ektron CMS XML External Entity Injection Vulnerability
Ektron CMS is a content management system. An injection vulnerability exists in the Ektron CMS XML external entity due to the application failing to properly filter user-supplied input before dynamically generating content. An attacker could exploit this vulnerability to execute arbitrary code...
USN-2473-1 coreutils vulnerabilities
It was discovered that the distcheck rule in dist-check.mk in GNU coreutils allows local users to gain privileges via a symlink attack on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS. CVE-2009-4135 Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly...
CVE-2013-4660
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...