2022 matches found
Lithium Forum Server-Side Request Forgery
Document Title: =============== Lithium Forum - Compose Message SSRF Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2030 Release Date: ============= 2017-02-20 Vulnerability Laboratory ID VL-ID: ==================================== 2030...
Apple macOS Sierra IOAudioFamily Memory Leak Vulnerability
Apple macOS Sierra is a specialized operating system developed by Apple for Mac computers.IOAudioFamily is one of the input and output audio components. A memory leak vulnerability exists in IOAudioFamily in Apple macOS Sierra. An attacker can exploit this vulnerability to obtain kernel memory...
Nitro Pro Remote Code Execution Vulnerability
Nitro Pro is a U.S. company Nitro PDF production and management software. A remote code execution vulnerability exists in the PDF parsing feature of Nitro Pro 10. An attacker could exploit the vulnerability to send a specific PDF file to the victim, leading to potential code execution...
Memory corruption
A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability...
Google Android Filesystem Information Disclosure Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An information disclosure vulnerability exists in Google Android Filesystem. Attackers can use this vulnerability to obtain sensitive information and launch further attacks...
BitlBee Denial of Service Vulnerability
BitlBee is an irc server. A denial of service vulnerability exists in BitlBee. An attacker could exploit this vulnerability to cause a denial of service...
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...
Arbitrary file deletion
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...
CVE-2017-5595
A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile, which allows an authenticated attacker to read local system files e.g., /etc/passwd in the context of the web server user www-dat...
mod_cluster: Protocol parsing logic error
An error was found in protocol parsing logic of modcluster load balancer Apache HTTP Server modules. An attacker could use this flaw to cause a Segmentation Fault in the serving httpd process...
PHP 'ext/pcre/php_pcre.c' Information Disclosure Vulnerability
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. PHP...
CVE-2016-5697
Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors...
SAP HANA Information Disclosure Vulnerability (CNVD-2016-13026)
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. SAP HANA has an information disclosure vulnerability that can be exploited by attackers to obtain...
Microsoft Internet Explorer 9 - IEFRAME CMarkupPointer::MoveToGap Use-After-Free
!-- Source: http://blog.skylined.nl/20161215001.html Synopsis A specially crafted web-page can trigger a use-after-free vulnerability in Microsoft Internet Explorer 9. The use appears to happen only once almost immediately after the free, which makes practical exploitation unlikely. Known affecte...
Design/Logic Flaw
An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...
LocalTapiola: Reflected XSS on sankarikoulutus (viestinta.lahitapiola.fi)
Basic report information Summary: Hi, The ctx parameter in http://viestinta.lahitapiola.fi/webApp/sankarikoulutus, can be exploited to perform an XSS Attack. Description: When a user clicks on a map area, The following POST request is generated : POST / HTTP/1.1 Host: viestinta.lahitapiola.fi...
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1)
Exploit for windows platform in category dos / poc window.onload=functionlocation.reload;; text .float float:left; .zoom zoom:3000%; .border::first-let...
Microsoft Edge - CBaseScriptable::PrivateQueryInterface Memory Corruption (MS16-068)
Source: http://blog.skylined.nl/20161205001.html Synopsis A specially crafted web-page can trigger a memory corruption vulnerability in Microsoft Edge. I did not investigate this vulnerability thoroughly, so I cannot speculate on the potential impact or exploitability. Known affected software and...
Mozilla Firefox URL Redirection Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A remote URL redirection vulnerability exists in Mozilla Firefox. An attacker can exploit this vulnerability by constructing a malicious URL to trick users into clicking on a link and being...