
18 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 3 views

Astra Linux - vulnerability in libvncserver

It was discovered that the websockets.c file in LibVNCServer prior to version 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, resulting in a heap-based buffer overflow...

CVSS 9.8 · AI score 7.6 · EPSS 0.06869
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 4:8 a.m. · 1 view

SUSE CVE-2019-15690

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution...

CVSS 7.5 · AI score 9.9 · EPSS 0.04329
Exploits: 0 · References: 9

CNNVD
added 2021/08/16 12:0 a.m. · 3 views

OneNav security vulnerability

OneNav is a minimalist navigation/bookmark management system developed using PHP. A security vulnerability exists in OneNav 0.9.12 which allows information disclosure of onenav.db3 content...

CVSS 7.5 · AI score 7.3 · EPSS 0.00238
Exploits: 1 · References: 1

Positive Technologies
added 2021/08/05 12:0 a.m. · 4 views

PT-2021-21960 · Onenav · Onenav

Name of the Vulnerable Software and Affected Versions: OneNav beta version 0.9.12 Description: The issue allows for XSS via the Add Link feature. The vendor has stated that there is intentionally no XSS protection at present, as the attack risk is largely limited to a compromised account. However...

CVSS 5.4 · AI score 6 · EPSS 0.0026
Exploits: 2 · References: 7

Debian
added 2021/06/16 4:28 a.m. · 48 views

[SECURITY] [DLA 2687-1] prosody security update

Debian LTS Advisory DLA-2687-1 · https://www.debian.org/lts/security/ · Anton Gladky · June 15, 2021 · https://wiki.debian.org/LTS ...

CVSS 5.9 · AI score 6.1 · EPSS 0.04627
Exploits: 0

OSV
added 2020/11/13 12:0 a.m. · 0 views

UBUNTU-CVE-2020-25708

A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service...

CVSS 7.5 · AI score 7.1 · EPSS 0.00784
Exploits: 1 · References: 4

Positive Technologies
added 2020/09/01 12:0 a.m. · 3 views

PT-2020-15458 · Jenkins · Jenkins Git Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Git Parameter Plugin versions 0.9.12 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. This occurs because the repository field on the 'Build with Parameters' page is not properly escape...

CVSS 8 · AI score 5.1 · EPSS 0.00233
Exploits: 0 · References: 7

CNVD
added 2020/04/24 12:0 a.m. · 1 view

LibVNCServer Input Validation Error Vulnerability

LibVNCServer is a cross-platform C library that supports the implementation of VNC Virtual Network Computing server or client functionality in programs. An input validation error vulnerability exists in the libvncclient/cursor.c file in LibVNCServer version 0.9.12 and earlier. The vulnerability...

CVSS 9.8 · AI score 9.3 · EPSS 0.00796
Exploits: 1 · References: 1

OSV
added 2019/12/31 12:0 a.m. · 1 view

UBUNTU-CVE-2019-15690

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution...

CVSS 8.8 · AI score 7.4 · EPSS 0.04329
Exploits: 0 · References: 4

CNVD
added 2019/01/31 12:0 a.m. · 1 view

LibVNC libvncserver/rfbserver.c file heap out-of-bounds write vulnerability (CNVD-2019-05102)

LibVNC is a cross-platform C library for implementing VNC server and client functionality. A heap out-of-bounds write vulnerability exists in the libvncserver/rfbserver.c file in LibVNC versions prior to 0.9.12. An attacker can exploit the vulnerability to execute arbitrary code in the context of...

CVSS 9.8 · AI score 7.8 · EPSS 0.10369
Exploits: 1 · References: 1

OSV
added 2019/01/30 6:29 p.m. · 0 views

DEBIAN-CVE-2018-20749

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete...

CVSS 9.8 · AI score 8.4 · EPSS 0.10369
Exploits: 1 · References: 1

OSV
added 2019/01/30 12:0 a.m. · 0 views

UBUNTU-CVE-2018-20748

LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete...

CVSS 9.8 · AI score 7.3 · EPSS 0.10572
Exploits: 1 · References: 5

CNVD
added 2017/09/26 12:0 a.m. · 1 view

LibOFX Denial of Service Vulnerability

LibOFX is a library that allows programs to support OFX financial data bi-directional exchange command responses. A security vulnerability exists in the ofxprocfile of the ofxpreproc.cpp file in LibOFX version 0.9.12. A remote attacker can exploit this vulnerability with the help of a specially...

CVSS 6.5 · AI score 7 · EPSS 0.00318
Exploits: 1 · References: 1

OpenVAS
added 2011/11/08 12:0 a.m. · 14 views

EtherApe RPC Packet Processing Denial of Service Vulnerability

This host is installed with EtherApe and is prone to denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gbetheraperpccallparsingdosvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ EtherApe RPC Packet Processing Denial of Service Vulnerability Authors: Rachana Shetty Copyright:...

CVSS 5 · AI score 0.4 · EPSS 0.00887
Exploits: 0 · References: 5

Positive Technologies
added 2003/06/18 12:0 a.m. · 1 view

PT-2003-1619 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.12 and earlier Description: The issue is related to a problem in the DCERPC DCE/RPC dissector, allowing remote attackers to cause a denial of service by consuming memory via a certain NDR string. Recommendations: For...

CVSS 5 · AI score 8.9 · EPSS 0.02306
Exploits: 0 · References: 9

Positive Technologies
added 2003/06/18 12:0 a.m. · 2 views

PT-2003-1620 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.12 and earlier Description: The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow...

CVSS 7.5 · AI score 9.8 · EPSS 0.02584
Exploits: 0 · References: 8

CVE
added 2003/04/02 5:0 a.m. · 47 views

CVE-2002-0536

This CVE affects PHPGroupware 0.9.12 and earlier. When magic_quotes_gpc is disabled, remote attackers can perform a SQL injection to compromise the database. The issue is caused by insufficient input handling in the affected PHPGroupware deployment, enabling unauthorized access to database data. ...

CVSS 7.5 · AI score 8 · EPSS 0.00817
Exploits: 1 · References: 5 · Affected Software: 1

securityvulns
added 2002/04/04 12:0 a.m. · 34 views

SQL injection in PHPGroupware

Preface PHPGroupware is a Groupware application written in PHP. It provides a framework of applications like calendar, ToDo list, notes, HR management, that come with PHPGroupware as well as an API to write new applications. All data is stored in an SQL database. + Problem PHPGroupware 0.9.12 the...

AI score 0.1
Exploits: 0