8221 matches found
CVE-2021-31516
CVE-2021-31516 affects Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). The flaw is in BNDB file parsing where the code does not validate the existence of an object before performing operations, enabling a remote attacker to execute code in the current process. Exploitation requires user inte...
CVE-2021-31515
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 Build ID 88f343c3. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...
CVE-2021-31515
CVE-2021-31515 affects Vector 35 Binary Ninja 2.3.2660 and relates to BNDB file parsing. The flaw is an out-of-bounds read caused by insufficient validation of user-supplied BNDB data, which can let an attacker execute code in the target process. Exploitation requires user interaction (visiting a...
Infoblox NIOS 安全漏洞
Infoblox NIOS is an operating system that powers Infoblox core network services. It ensures uninterrupted operation of the network infrastructure. A security vulnerability exists in Infoblox NIOS versions prior to 8.5.2, which stems from a program that allows entity expansion during an XML upload...
Zenly: Friend Request Flow Exposes User Data
Summary: When submitting a friend request to a user, Zenly will allow access to their phone number regardless of whether the friend request is accepted or not. To obtain this information, a malicious actor only needs to know their username. Steps To Reproduce: To reproduce this issue, an...
NVIDIA GeForce Experience 安全漏洞
NVIDIA GeForce Experience is a set of automatic graphics card update tools from Nvidia Corporation. A cross-site scripting vulnerability exists in NVIDIA GeForce Experience, which could be exploited by attackers to trick users into clicking on a maliciously formatted link in their browser and...
Improper input validation in CNCF Cortex
The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth passwordfile can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack...
Low: samba
Issue Overview: No CVE associated with this advisory Affected Packages: samba Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update samba or yum update...
Online Library Management System 1.0 SQL Injection
Exploit Title: Online Library Management System 1.0 - 'Search' SQL Injection Date: 23-06-2021 Exploit Author: Berk Can Geyikci Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/ols.zip Version: 1.0 Tested on: Windows...
CVE-2021-20742
Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...
CVE-2021-20742
Cross-site scripting vulnerability in EC-CUBE Business form output plugin for EC-CUBE 3.0 series versions prior to version 1.0.1 allows a remote attacker to inject an arbitrary script via unspecified vector...
SQL Injection Vulnerability in the Equipment Management System of Shenzhen Chaohenghui Technology Co.
LELIGHT is the brand of wireless network series products independently developed by Shenzhen Chaohanghui Network Technology Co., Ltd, which covers: intelligent gateway, digital bridge, intelligent wireless router, POE switch and so on. Shenzhen Chaohanghui Equipment Management System has a SQL...
Threat Actors Use Google Docs to Host Phishing Attacks
Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims’ credentials. Researchers at email and collaboration security firm Avanan discovered the campaign, which is th...
Hitachi Application Server 跨站脚本漏洞
Hitachi Application Server is a server from Hitachi, Japan. A cross-site scripting vulnerability exists in Hitachi Application Server that could allow a remote attacker to inject arbitrary script via an unspecified vector...
Nextcloud Android app 信息泄露漏洞
Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. The Nextcloud Android app suffers from an information disclosure vulnerability that can be exploited by an attacker to gain access to shared preference information in the Nextcloud...
Fedora: Security Advisory for lasso (FEDORA-2021-bb3ea1e191)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Pagekit 跨站脚本漏洞
Pagekit is a modular, lightweight CMS content management system. pageKit has a cross-site scripting vulnerability, which stems from the fact that SVG files may contain malicious scripts that can be exploited by attackers to trigger XSS attacks...
PT-2021-19395 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.4.55 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
CVE-2019-25046
The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document...
Vector 35 Binary Ninja 缓冲区错误漏洞
Vector 35 Binary Ninja is a repository. This repository contains documentation and source code for the Binary Ninja reverse engineering platform API. A buffer error vulnerability exists in Vector 35 Binary Ninja that could allow a remote attacker to execute arbitrary code on an affected Vector 35...