255 matches found
CVE-2019-1010161
perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in decodejws. The attack vector is: network connectivitycrafting user-controlled input to bypass authentication. The fixed...
Cross-Site Scripting (XSS)
diagram-js is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser user-controlled input in search-pad to steal session tokens or perform unwanted actions on behalf of the user...
WordPress Aliyun 5.2 Open Redirection
Exploit Title : WordPress Aliyun Themes 5.2 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 23/05/2019 Vendor Homepage : aliyunhelp.com - zmingcx.com Version : WordPress Version 4.9.10 - Theme Version 5.2 Tested On : Windows and Linux Category :...
Masch CMStudio Banners 8.6.1 Open Redirection
Exploit Title : Masch CMStudio Banners Modules 8.6.1 Open Redirection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 28/03/2019 Vendor Homepage : masch.com/en-us/home/ Software Information Link : masch.com/en/cmstudio-enterprise/ Software Affected Versions :...
CVE-2018-1000649
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...
CVE-2018-1000649
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...
Design/Logic Flaw
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...
CVE-2018-1000649
LibreHealthIO LH-EHR REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in letter.php (2) within the Patient file letter functions. The issue allows writing files with malicious content via user-controlled input, potentially enabling remote code execution. This entry is cor...
CVE-2018-1000649
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appear to be exploitable via User...
CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...
CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...
CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...
CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...
CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...
iBall Multiple Vulnerabilities
Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n. iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The key is if you are using an ADSL2+ connectio...
CVE-2018-5955
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI...
CVE-2017-16556
In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations...
Hardcoded credentials
In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the K7Sentry device is not sufficiently authenticated: a local user with a LOW integrity process can access a raw hard disk by sending a specific IOCTL...
Memory corruption
In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be used to allow local users to write to arbitrary memory locations...
Null pointer dereference
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the...