72 matches found

RedhatCVE
added 2025/05/22 2:38 a.m. | 5 views

CVE-2012-4551

Use-after-free vulnerability in libunity-webapps before 2.4.1 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted web site, related to "certain hash tables."...

CVSS 7.5 | AI score 8.1 | EPSS 0.02002
Exploits: 0 | References: 1
NVD
added 2025/03/20 10:15 a.m. | 4 views

CVE-2024-8763

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary repository, specifically in the compileTextTemplate function. The affected version is git be54057. An attacker can exploit this vulnerability by manipulating the regular expression /.?/g, causing the server ...

CVSS 7.5 | EPSS 0.0042
Exploits: 1 | References: 2
RedhatCVE
added 2025/02/05 1:28 a.m. | 4 views

CVE-2024-11248

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely...

CVSS 9 | AI score 8.8 | EPSS 0.00828
Exploits: 1 | References: 1
Vulnrichment
added 2025/01/09 2:36 p.m. | 6 views

CVE-2023-24012 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Open DDS

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

CVSS 8.2 | AI score 7.1 | EPSS 0.00163
Exploits: 1 | References: 2
Hive Pro Threat Advisories
added 2024/05/14 10:49 a.m. | 14 views

LLMjacking: An Attack Method for Stealing Cloud Credentials

...

AI score 7.3
Exploits: 0
Amazon
added 2023/05/03 12:0 a.m. | 2 views

Important: gnutls

Issue Overview: A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker wou...

CVSS 7.4 | AI score 7.1 | EPSS 0.03615
Exploits: 1
NVD
added 2023/04/11 9:15 p.m. | 12 views

CVE-2023-26555

praecisparse in ntpd/refclockpalisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver...

CVSS 6.4 | AI score 7 | EPSS 0.00942
Exploits: 0 | References: 4
Cvelist
added 2023/04/11 12:0 a.m. | 14 views

CVE-2023-26555

praecisparse in ntpd/refclockpalisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver...

AI score 6.8 | EPSS 0.00942
Exploits: 0 | References: 4
CNNVD
added 2022/12/08 12:0 a.m. | 1 views

DuxCMS Security Vulnerability

DuxCMS is an open source content management system. A security vulnerability exists in DuxCMS version 2.1, which results in cross-site request forgery due to the operation of some of its unknown code. The attack method has been made public and can be initiated remotely, and is at risk of being...

CVSS 8 | AI score 7.2 | EPSS 0.00245
Exploits: 1 | References: 3
CNNVD
added 2022/12/08 12:0 a.m. | 1 views

Pwn Cross-Site Request Forgery Vulnerability

Pwn is an application by the individual developer of H.U.C - White Sea CTF-hacker. Pwn suffers from a security vulnerability that stems from an unknown section of its delete.html file that allows an attacker to implement cross-site request forgery. The attack method is publicly available and can ...

CVSS 6.8 | AI score 6.4 | EPSS 0.00112
Exploits: 1 | References: 3
UbuntuCve
added 2022/11/15 10:15 p.m. | 23 views

CVE-2022-30768

A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin or non-Admin users that can see other users logged into the platform clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 an...

CVSS 5.4 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 3
Citrix
added 2022/11/08 12:0 a.m. | 4 views

Citrix ADC - HTTP Request Smuggling Reference Guide

HTTP request smuggling is a type of attack that takes advantage of differences between the way sequences of HTTP requests are processed by a web server and one or more intermediate devices, like a Citrix ADC load balancer or other Traffic Management features. HTTP Request smuggling attacks are...

AI score 7
Exploits: 0
CNNVD
added 2022/11/01 12:0 a.m. | 1 views

Bento4 Security Vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4, which stems from an unknown handler in its mp4decrypt component that allows an attacker to implement a memory leak. The attack method is publicly available and can be initiated...

CVSS 6.5 | AI score 6.4 | EPSS 0.00312
Exploits: 1 | References: 4
CNNVD
added 2022/08/06 12:0 a.m. | 1 views

Company Website CMS Code Issue Vulnerability

Company Website CMS is a company website/CMS by Torrahclef Individual Developer. Company Website CMS is vulnerable to a code issue that originates from the operation of some unknown handler code that results in an unrestricted upload. The attack methodology is publicly available and can be...

CVSS 8.8 | AI score 8 | EPSS 0.00402
Exploits: 1 | References: 4
CNNVD
added 2022/08/05 12:0 a.m. | 0 views

Alphaware Simple E-Commerce System Code Issue Vulnerability

Alphaware Simple E-Commerce System is an e-commerce system by razormist individual developers. The Alphaware Simple E-Commerce System suffers from a code issue that arises from an unknown portion of the adminfeature.php code in its backend administration interface that allows an attacker to perfo...

CVSS 8.8 | AI score 8 | EPSS 0.00421
Exploits: 1 | References: 3
CNNVD
added 2022/08/04 12:0 a.m. | 1 views

Online Admission System Cross-Site Scripting Vulnerability

Online Admission System is an online admission system by the individual developer RASHMI KUMARI. A cross-site scripting vulnerability exists in the Online Admission System, which originates from an unknown function in its component index.php that passes a special string to the parameter eid,...

CVSS 6.1 | AI score 5.2 | EPSS 0.00323
Exploits: 1 | References: 3
CNNVD
added 2022/08/04 12:0 a.m. | 1 views

Online Admission System SQL Injection Vulnerability

Online Admission System is an online admission system by the individual developer RASHMI KUMARI. The Online Admission System suffers from a SQL injection vulnerability that stems from an unknown function in its GET parameter handling component that operates on the parameter eid, which could lead ...

CVSS 9.8 | AI score 8.4 | EPSS 0.00264
Exploits: 1 | References: 3
CNVD
added 2021/05/18 12:0 a.m. | 5 views

IBM Cloud Pak for Security Information Disclosure Vulnerability (CNVD-2021-36325)

IBM Cloud Pak for Security is an application from IBM America, Inc. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster. An information disclosure vulnerability exists in IBM Cloud Pak for Security...

CVSS 5.9 | AI score 6.1 | EPSS 0.00182
Exploits: 0 | References: 1
CNVD
added 2021/05/13 12:0 a.m. | 3 views

Weak password vulnerability in FC-Series (CNVD-2021-37545)

FLIR Systems, Inc. specializes in the design, development, production, marketing and promotion of specialized technologies for enhanced situational awareness. Through thermal imaging, visible light imaging, video analytics, measurement and diagnostics, and advanced threat detection systems, we...

AI score 7.1
Exploits: 0
Hacker One
added 2020/12/21 6:25 p.m. | 14 views

Acronis: HTTP Request Smuggling on https://consumer.acronis.com

Summary: The website https://consumer.acronis.com is vulnerable to HTTP Request Smuggling which can be abused by an attacker to redirect all the users to a malicious website. A redirect can be forced by changing the Host request header using the path /sf but the website will redirect you to...

AI score 7.1
Exploits: 0