14 matches found
CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL
Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...
GHSA-9HV9-GVWM-95F2 AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Summary The standalone live stream control endpoint at plugin/Live/standAloneFiles/control.json.php accepts a user-supplied streamerURL parameter that overrides where the server sends token verification requests. An attacker can redirect token verification to a server they control that always...
CVE-2026-26234 JUNG Smart Visu Server - Improper Neutralization of HTTP Headers for Scripting Syntax
JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache...
EUVD-2018-10424
Malware in sbrugna...
CVE-2018-17924
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller...
CVE-2018-17924
Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller...
Buffer overflow
An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'deviceList' parameter for a post request,...
openSUSE Security Update : MozillaThunderbird (openSUSE-2016-402)
MozillaThunderbird was updated to 38.7.0 to fix the following issues : - Update to Thunderbird 38.7.0 boo969894 - MFSA 2015-81/CVE-2015-4477 bmo1179484 Use-after-free in MediaStream playback - MFSA 2015-136/CVE-2015-7207 bmo1185256 Same-origin policy violation using performance.getEntries and...
Security update for MozillaThunderbird (important)
MozillaThunderbird was updated to 38.7.0 to fix the following issues: Update to Thunderbird 38.7.0 boo969894 MFSA 2015-81/CVE-2015-4477 bmo1179484 Use-after-free in MediaStream playback MFSA 2015-136/CVE-2015-7207 bmo1185256 Same-origin policy violation using performance.getEntries and history...
SUSE SLES10 Security Update : MozillaFirefox (SUSE-SU-2016:0820-1)
Mozilla Firefox was updated to 38.7.0 ESR, fixing the following security issues : MFSA 2016-16/CVE-2016-1952/CVE-2016-1953: Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17/CVE-2016-1954: Local file overwriting and potential privilege escalation through CSP reports MFSA...
Mandriva Linux Security Advisory : bugzilla (MDVSA-2014:200)
Updated bugzilla packages fix security vulnerabilities : If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group CVE-2014-1571. An attacker creating a new...
IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability
漏洞起因 栈溢出导致的远程代码执行 影响系统 Lotus Domino Server Versions 8.0 and 8.5 on AIX, AIX 64bit, Linux, Linux iSeries, Linux, zSeries, Solaris, Windows, Windows 64bit, z/OS 危害 远程攻击者可以利用漏洞在服务器上执行任意代码。 攻击所需条件 攻击者构造包含特殊参数的邮件。 漏洞信息 未经身份验证的远程代码执行漏洞是由于代码在识别处理和转换 iCalendar...
The concept of the rookie version of Virus writing guide there was a sense of-vulnerability warning-the black bar safety net
The first issue: the JMP ESP address the versatility issue. F. EN, in two articles have emphasized the JMP ESP opcode in the memory of the address, it version is dependent, and emphasized one more chance to put on two versions of the return code can be one more chances of success. Start your own...