122 matches found
PT-2021-14667 · Oracle +1 · Java +1
Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.1 and earlier Description: The issue arises from an incorrect permission check, allowing attackers with Item/Read permission on nested items to access them even if they lack Item/Rea...
Critical Unpatched VMware Flaw Affects Multiple Corporates Products
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the...
CVE-2020-15186
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to helm --help. This issu...
CVE-2020-3546
A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are se...
Multiple NETGEAR switching hubs vulnerable to cross-site request forgery
Overview GS716Tv2 and GS724Tv3 switching hubs provided by NETGEAR contain a cross-site request forgery vulnerability. Rei Yano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user views a malicious page...
Privilege Escalation in PAN-OS
Palo Alto Networks is aware of an integer overflow vulnerability in the Linux kernel's createelftables function. Ref PAN-105966, CVE-2018-14634 Successful exploitation of this issue may allow an unprivileged local user to escalate their privileges on the system. To successfully exploit this...
CVE-2017-6743
The Simple Network Management Protocol SNMP subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these...
MFC-J960DWN vulnerable to cross-site request forgery
Overview MFC-J960DWN provided by BROTHER INDUSTRIES, LTD. is a MultiFunction Printer. MFC-J960DWN contains a cross-site request forgery vulnerability CWE-352. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
PT-2016-6898 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 8.4.7.29 through 9.1.7.4 Description: A denial of service issue exists due to the improper handling of DHCP packets by the DHCP Relay feature. This can be exploited by an unauthenticated...
PT-2007-1358 · Exv2 · Exv2
Name of the Vulnerable Software and Affected Versions: exV2 versions 2.0.4.3 and earlier Description: The issue allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code. This is achieved by modifying the xoopsOption'pagetyp...
PT-2006-5223 · Phpdig +1 · Phpdig +1
Name of the Vulnerable Software and Affected Versions: Jetbox CMS version 2.1 Description: The issue concerns a remote file inclusion vulnerability. It allows remote attackers to execute arbitrary PHP code via a URL in the relative script path parameter. This is a different vector from a previous...
Hashcash: Format string vulnerability
Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address...
GLSA-200502-30 : cmd5checkpw: Local password leak vulnerability
The remote host is affected by the vulnerability described in GLSA-200502-30 cmd5checkpw: Local password leak vulnerability Florian Westphal discovered that cmd5checkpw is installed setuid cmd5checkpw but does not drop privileges before calling execvp, so the invoked program retains the cmd5check...
vbulletin306.txt
Summary: vbulletin 3.0.6 and below php code injection Description =========== vBulletin is a powerful, scalable and fully customizable forums package for your web site. It has been written using the Web's quickest-growing scripting language; PHP, and is complimented with a highly efficient and...
Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulnerabilities ====================================================================== Revision 1.0 For Public Release 2005 February 24 1600 UTC GMT...
GLSA-200501-20 : o3read: Buffer overflow during file conversion
The remote host is affected by the vulnerability described in GLSA-200501-20 o3read: Buffer overflow during file conversion Wiktor Kopec discovered that the parsehtml function in o3read.c copies any number of bytes into a 1024-byte t array. Impact : Using a specially crafted file, possibly...
GLSA-200501-11 : Dillo: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200501-11 Dillo: Format string vulnerability Gentoo Linux developer Tavis Ormandy found a format string bug in Dillo's handling of messages in aInterfacemsg. Impact : An attacker could craft a malicious web page which, when access...
GLSA-200501-27 : Ethereal: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200501-27 Ethereal: Multiple vulnerabilities There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.9, including: The COPS dissector could go into an infinite loop CAN-2005-0006. The DLSw dissector could caus...
[ GLSA 200501-40 ] ngIRCd: Buffer overflow
Gentoo Linux Security Advisory GLSA 200501-40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
KPdf, KOffice: Stack overflow in included Xpdf code
Background KPdf is a KDE-based PDF viewer included in the kdegraphics package. KOffice is an integrated office suite for KDE. Description KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to a new stack overflow, as described in GLSA 200501-28. Impact An attacker cou...