10 matches found
CVE-2024-34358
TYPO3 ShowImageController vulnerability: the frame parameter is not cryptographically HMAC-signed, allowing an attacker to trigger server-side generation of thumbnails and potentially exhaust resources. Affected are TYPO3 versions 9.0.0 up to, but not including, 9.5.48 ELTS; 10.4.45 ELTS; 11.5.37...
CVE-2024-34358 TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the ShowImageController (eID tx_cms_showpic) lacks a cryptographic HMAC signature on the frame HTTP query parameter e.g...
Denial Of Service (DoS)
Xen is vulnerable to denial of service. The vulnerability exists because node transactions are not properly handled, which allows an attacker to cause an application crash by creating an arbitrary number of nodes...
Denial Of Service (DoS)
Xen is vulnerable to denial of service. The vulnerability exists during the node transaction, which allows an attacker to cause an application crash by creating an arbitrary number of nodes...
Cisco IOS and Cisco IOS XE Software Input Validation Error Vulnerability
Cisco IOS and Cisco IOS XE Software are both products of the U.S. company Cisco. Cisco IOS is a set of operating systems developed for its network devices. Cisco IOS XE Software is an operating system. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IO...
Code injection
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS aka Internet Campus Solution before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234...
All For One Information Disclosure Vulnerability
All For One is an Ether-based gambling game. An information disclosure vulnerability exists in the 'maxRandom' function in All For One's smart contract implementation, which stems from the program's use of publicly readable variables to generate arbitrary values. An attacker could use the...
CVE-2017-8852
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note...
Android Telecom Component Elevation of Privilege Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA) in the U.S. Telecom is one of the communication components. An elevation of privilege vulnerability exists in the Telecom component of Android. An attacker could exploit this...
HP Data Protector - Remote Command Execution
HP Data Protector - Remote Command Execution """ HP Data Protector Arbitrary Remote Command Execution This script allows to execute a command with an arbitrary number of arguments. The trick calls 'perl.exe' interpreter installed with HP Data Protector inside the directory installpath/bin/. The...