2027 matches found
Libstar Intelligent Library Service Platform of Jiangsu Tuxing Software Technology Limited Liability Company suffers from logic flaw vulnerability
Libstar Intelligent Library Service Platform is a library management system that utilizes a service-oriented architecture framework. Libstar Intelligent Library Service Platform of Jiangsu Tuxing Software Technology Co., Ltd. has a logic flaw vulnerability that can be exploited by an attacker to...
Enterprise Token Ecosystem Digital Error Vulnerability
Enterprise Token Ecosystem (ETE) (ContractName: NetkillerToken) is an Ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in ETE's smart contract implementation. An attacker could use this vulnerability to set the balance of any user to an arbitrary...
A vulnerability in the Windows Error Reporting Manager’s error report dispatcher in Microsoft Windows operating systems allows attackers to elevate their privileges.
The vulnerability of the Windows Error Reporting Manager’s error reporting dashboard in Microsoft Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to elevate their privileges by running a specially crafted application...
File upload vulnerability in beescms backend
BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. A file upload vulnerability exists in the beescms backend. An attacker can exploit the vulnerability to upload malicious files and gain server privileges...
Updated log4net packages fix security vulnerability
Updated log4net packages fix security vulnerability. This patch fixes a security vulnerability reported by Karthik Balasundaram. The vulnerability was in the way log4net parses XML configuration files, which allowed XML External Entity processing. An attacker could...
MGASA-2020-0233 Updated log4net packages fix security vulnerability
Updated log4net packages fix security vulnerability. This patch fixes a security vulnerability reported by Karthik Balasundaram. The vulnerability was in the way log4net parses XML configuration files, which allowed XML External Entity processing. An attacker could...
SQL Injection Vulnerability in Website Building System of Zonglian Information Technology Co.
Zonglian Technology customizes the official website for each enterprise, and establishes the website construction plan suitable for the enterprise according to the budget, design, industry and enterprise image. With the appropriate display, display effect, site framework, through the integration ...
keycloak: security issue on reset credential flow
A flaw was found in the reset credential flow in Keycloak. This flaw allows an attacker to gain unauthorized access to the application...
containers/image: Container images read entire image manifest into memory
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashi...
CVE-2020-10691
An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install. When extracting a collection .tar.gz file, the directory is created without sanitizing the filename. An attacker could take advantage to overwrite any file with...
Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents
The Apache OpenOffice project reports: CVE-2020-13958: Unrestricted actions leads to arbitrary code execution in crafted documents. Description: A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the...
MyBO has a flawed logic vulnerability
MyBO is an Ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in MyBO's smart contract implementation. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...
Project Open v5.0.3 PMS - Multiple Web Vulnerabilities
Document Title: Project Open v5.0.3 PMS - Multiple Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2225. Release Date: 2020-04-24. Vulnerability Laboratory ID (VL-ID): 22...
CVE-2020-10913
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Git Input Validation Error Vulnerability (CNVD-2020-33252)
Git is a free, open source distributed version control system. An input validation error vulnerability exists in Git. An attacker can exploit this vulnerability to disclose sensitive information via a specially crafted malicious URL...
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications. Title: Macs Framework 1.14f CMS - Persistent Cross-Site Scripting. Software Link: https://sourceforge.net/projects/macs-framework/files/latest/download. CVE: N/A. Document Title: Macs Framework v1.14f CMS - Multiple Web...
Macs Framework 1.14f Cross Site Scripting / SQL Injection
Document Title: Macs Framework v1.14f CMS - Multiple Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2206. Release Date: 2020-04-14. Vulnerability Laboratory ID (VL-ID): ...
TAO AP v3.3.0 RC02 - Multiple Web Vulnerabilities
Document Title: TAO AP v3.3.0 RC02 - Multiple Web Vulnerabilities. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2215. Release Date: 2020-04-15. Vulnerability Laboratory ID (VL-ID): 2215...
AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting
Title: AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting. Author: Vulnerability Laboratory. Date: 2020-04-15. Vendor: http://www.app2pro.com. Software Link: https://apps.apple.com/us/app/airdisk-pro-wireless-flash/id505904421. CVE: N/A. Document Title: AirDisk Pro v5.5.3 iOS -...
HTTP/2: request for large response leads to denial of service
A vulnerability was found in HTTP/2. An attacker can open an HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...