
20 matches found

Veracode
added 2024/11/20 3:35 a.m. | 7 views

Improper File URI Scheme Validation

changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the issafeurl function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOWFILEURI is set to false or undefined...

CVSS 8.6 | AI score 6.4 | EPSS 0.00143
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2024/03/04 8:42 p.m. | 8 views

GHSA-FGXV-GW55-R5FQ Authorization Bypass Through User-Controlled Key in go-zero

Summary Hello go-zero maintainer team, I would like to report a security concerning your CORS Filter feature. Details Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the isOriginAllowed uses...

CVSS 9.1 | AI score 9.2 | EPSS 0.00324
Exploits: 2 | References: 4
Veracode
added 2023/07/22 9:39 a.m. | 22 views

Improper Input Validation

odoo is vulnerable to Improper Input Validation. The vulnerability exists due to the sandboxing issue in the library, which allows an authenticated attacker to read and write local files on the server...

CVSS 8.7 | AI score 6.4 | EPSS 0.00452
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2023/07/19 6:15 a.m. | 9 views

CVE-2023-32635

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...

CVSS 5.5 | AI score 5.6 | EPSS 0.00031
Exploits: 0 | References: 2
Tenable Nessus
added 2022/03/24 12:0 a.m. | 22 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (openstack-nova) (RHSA-2022:0999)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0999 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and...

CVSS 6.1 | AI score 7 | EPSS 0.87177
Exploits: 1 | References: 16
CNVD
added 2020/11/19 12:0 a.m. | 1 views

McAfee Endpoint Security (ENS) Cross-Site Request Forgery Vulnerability

McAfee Endpoint Security ENS is the United States McAfee McAfee company's set of framework for providing intelligent collaboration and advanced threat defense. The framework supports the entire threat defense lifecycle of real-time communications control and actionable threat forensics and so on....

CVSS 8.8 | AI score 7.2 | EPSS 0.00203
Exploits: 0 | References: 1
UbuntuCve
added 2018/07/23 3:29 p.m. | 25 views

CVE-2018-1999013

FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This...

CVSS 6.5 | AI score 6.6 | EPSS 0.00558
Exploits: 0 | References: 1
Prion
added 2018/05/09 3:29 a.m. | 13 views

Cross site scripting

Severalnines ClusterControl before 1.6.0-4699 allows XSS...

CVSS 4.3 | AI score 6.3 | EPSS 0.00301
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2017/12/18 1:29 a.m. | 15 views

CVE-2017-16997

elf/dl-load.c in the GNU C Library aka glibc or libc6 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged setuid or ATSECURE program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillinrpath...

CVSS 9.3 | AI score 7.5 | EPSS 0.01133
Exploits: 0 | References: 6
OpenVAS
added 2013/01/21 12:0 a.m. | 13 views

Fedora Update for drupal6-context FEDORA-2013-0246

Check for the Version of drupal6-context OpenVAS Vulnerability Test Fedora Update for drupal6-context FEDORA-2013-0246 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

CVSS 5 | AI score 6.4 | EPSS 0.0056
Exploits: 1 | References: 2
OpenVAS
added 2012/10/19 12:0 a.m. | 8 views

Fedora Update for gitolite3 FEDORA-2012-15731

Check for the Version of gitolite3 OpenVAS Vulnerability Test Fedora Update for gitolite3 FEDORA-2012-15731 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

AI score 7.4
Exploits: 0 | References: 2
Exploit DB
added 2012/04/09 12:0 a.m. | 36 views

Snort 2 - DCE/RPC Preprocessor Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Snort 2 DCE/RPC preprocessor Buffer...

CVSS 10 | AI score 7 | EPSS 0.8816
Exploits: 15
OpenVAS
added 2012/04/03 12:0 a.m. | 24 views

IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability

The host is running IBM DB2 and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2drdareqdosvuln.nasl 6018 2017-04-24 09:02:24Z teissa $ IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability Authors: Madhuri D Copyright: Copyright c 2012...

CVSS 5 | EPSS 0.01646
Exploits: 0 | References: 5
OpenVAS
added 2011/03/09 12:0 a.m. | 33 views

Ruby '#to_s' Security Bypass Vulnerability

This host is installed with Ruby and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbrubysecbypassvulnwin.nasl 8196 2017-12-20 12:13:37Z cfischer $ Ruby "tos" Security Bypass Vulnerability Authors: Madhuri D Copyright: Copyright C 2011 Greenbone Networks GmbH,...

CVSS 5 | AI score 6.8 | EPSS 0.02121
Exploits: 2 | References: 2
exploitpack
added 2010/07/14 12:0 a.m. | 23 views

Ad Network Script - Persistent Cross-Site Scripting

Ad Network Script - Persistent Cross-Site Scripting 1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 vendor URL :http://www.kaonsoftwares.com/ Price:330EUR :O Author : Sid3^effects aKa HaRi special thanks to : r0073r...

AI score 6.8
Exploits: 0
OpenVAS
added 2010/03/02 12:0 a.m. | 19 views

Fedora Update for pidgin FEDORA-2010-0368

Check for the Version of pidgin OpenVAS Vulnerability Test Fedora Update for pidgin FEDORA-2010-0368 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

CVSS 5 | EPSS 0.12845
Exploits: 5 | References: 2
seebug.org
added 2009/06/24 12:0 a.m. | 27 views

Zen Cart 1.3.8 Remote Code Execution Exploit

No description provided by source. !/usr/bin/php ?php ------- Zen Cart 1.3.8 Remote Code Execution http://www.zen-cart.com/ Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone! A new version 1.3.8a is avaible on http://www.zen-cart.com/ BlackH : errorreportingEALL ^...

AI score 7.1
Exploits: 0
OpenVAS
added 2009/03/26 12:0 a.m. | 29 views

VLC Media Player Stack Overflow Vulnerability (Lin-Mar09)

This host is installed with VLC Media Player and is prone to Stack Overflow Vulnerability. OpenVAS Vulnerability Test $Id: secpodvlcmediaplayerbofvulnlinmar09.nasl 5148 2017-01-31 13:16:55Z teissa $ VLC Media Player Stack Overflow Vulnerability Lin-Mar09 Authors: Nikita MR Copyright: Copyright c...

CVSS 5 | AI score 0.7 | EPSS 0.10904
Exploits: 1 | References: 4
Positive Technologies
added 1997/08/01 12:0 a.m. | 2 views

PT-1997-1001

Name of the Vulnerable Software and Affected Versions Mac OS versions affected versions not specified Cisco IOS versions affected versions not specified HP-UX versions affected versions not specified Tru64 UNIX versions affected versions not specified AIX versions affected versions not specified...

CVSS 4 | AI score 6.8 | EPSS 0.00299
Exploits: 1 | References: 20
Duo Security Advisories
added 1976/01/01 12:0 a.m. | 19 views

DUO-PSA-2015-001: Duo Product Security Advisory

Duo Product Security Advisory Advisory ID: DUO-PSA-2015-001 Original Publication Date: 2015-02-03 Revision Date: 2015-02-10 Status: Confirmed, Fixed Document Revision: 3 Overview Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass prima...

AI score 7.8
Exploits: 0