9 matches found
EUVD-2007-3094
Malware in sbrugna...
HTML/CSS Injection
HTML/CSS Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically us...
FreeBSD : Spotipy -- Path traversal vulnerability (c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18 advisory. - Spotipy is a lightweight Python library for the Spotify Web API. In versions prior to 2.22.1, if a...
Content Injection
Content Injection is an attack that injects arbitrary characters into a web page. When an application does not properly handle user-supplied data, an attacker can supply content to a web application, typically via a parameter value which is then reflected in the page. This attack is typically use...
DEBIAN-CVE-2016-10739
In the GNU C Library aka glibc or libc6 through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the...
CVE-2017-2850
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in...
CGI Generic On Site Request Forgery (OSRF)
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with special characters like dots, slashes, backslashes, equal signs, question marks, etc. By leveraging this issue, an attacker may be able to cause arbitrary GET requests to be executed by a user when he...
Debian Security Advisory DSA 1694-1 (xterm)
The remote host is missing an update to xterm announced via advisory DSA 1694-1. OpenVAS Vulnerability Test $Id: deb16941.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1694-1 xterm Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
[SECURITY] New versions of epic4 fixes possible DoS vulnerability
Debian Security Advisory [email protected] http://www.debian.org/security/ Martin Schulze August 26, 1999 We have received a report from the...