853 matches found
CVE-2020-26140
Removed by vendor...
CVE-2021-20294
A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality,...
EIPStackGroup OpENer EtherNet/IP Out-of-Bounds Reading Vulnerability
Eipstackgroup Opener is a software for providing EtherNet/IP stacking capabilities for IO adapter devices organized by Eipstackgroup . EIPStackGroup OpENer Ethernet/IP has an out-of-bounds read vulnerability that can be exploited to send specially crafted packets to read arbitrary data...
EIPStackGroup OpENer 缓冲区错误漏洞
Eipstackgroup Opener is a software for providing EtherNet/IP stacking capabilities for IO adapter devices organized by Eipstackgroup . EIPStackGroup OpENer Ethernet/IP has an out-of-bounds read vulnerability that can be exploited to send specially crafted packets to read arbitrary data...
GO-2021-0084 Incorrect permissions for critical resource in github.com/astaxie/beego
Session data is stored using permissive permissions, allowing local users with filesystem access to read arbitrary data...
PT-2021-15763
Name of the Vulnerable Software and Affected Versions: Thrive Optimize WordPress plugin versions prior to 1.4.13.3 Thrive Comments WordPress plugin versions prior to 1.4.15.3 Thrive Headline Optimizer WordPress plugin versions prior to 1.3.7.3 Thrive Leads WordPress plugin versions prior to 2.3.9...
CVE-2021-20235
There's a flaw in the zeromq server in versions before 4.3.3 in src/decoderallocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server...
GNU libmicrohttpd Buffer Overflow Vulnerability
GNU libmicrohttpd is a GNU open source application. Run the HTTP server as part of another application. A buffer overflow vulnerability exists in versions of libmicrohttpd prior to 0.9.71, which stems from the fact that a missing bounds check will result in a buffer overflow that can be exploited...
TYPO3 File Upload Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Typo3 Association. A file upload vulnerability exists in TYPO3, which can be exploited by an attacker to upload arbitrary data with arbitrary file extensions...
CVE-2021-21357
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework...
Broken Access Control in Form Framework
Problem Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types...
GHSA-3VG7-JW9M-PC3F Broken Access Control in Form Framework
Problem Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types...
TYPO3 Access Control Bypass Vulnerability
TYPO3 is a free and open source content management system. An access control bypass vulnerability exists in TYPO3 Form Framework, which can be exploited by an attacker to bypass restrictions on submitting arbitrary data to the Form Designer back-end module...
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Typo3 Association. A file upload vulnerability exists in TYPO3, which can be exploited by an attacker to upload arbitrary data with arbitrary file extensions...
Broken Access Control in Form Framework
Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework...
NETGEAR JGS516PE/GS116Ev2 Arbitrary Data Write Vulnerability
The NETGEAR JGS516PE/GS116Ev2 is a 16-port Gigabit Smart Managed Plus switch. An arbitrary data write vulnerability exists in the NETGEAR JGS516PE/GS116Ev2 version 2.6.0.43. The vulnerability stems from the TFTP firmware update mechanism not properly implementing firmware validation. A remote...
U.S. Dept Of Defense: HTTP Request Smuggling
hello dear support I have found HTTP Request Smuggling on www.████████ Issue description ============== HTTP request smuggling vulnerabilities arise when websites route HTTP requests through webservers with inconsistent HTTP parsing. By supplying a request that gets interpreted as being different...
Xxe
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...
CVE-2021-27184
Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...
Code injection
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659...