Design/Logic Flaw

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...

CVE-2020-25928

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code remote. The component is: DNS response processing functions: dnsupcall, getoffset, dncsetanswer. The attack vector is: a specific DNS response packet. The code does not che...

CVE-2020-25927

The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service remote. The component is: DNS response processing in function: dnsupcall. The attack vector is: a specific DNS response packet. The code does not check whether the number o...

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

CVE-2021-38751

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...

Hardcoded credentials

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...

CVE-2021-38751

A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponentconstants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM...

Hospital Management System 跨站脚本漏洞

PHPGurukul Hospital Management System is a PHP and MySQL based hospital management system. PHPGurukul Hospital Management System is vulnerable to cross-site scripting, which can be exploited by attackers to execute js code via prescribe.php...

GPAC 安全漏洞

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering.The MPEG-4 decoding feature of GPAC Project on Advanced Content library 1.0.1 suffers from an integer...

CVE-2021-31399

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack...

AT&T Labs Xmill 缓冲区错误漏洞

Xmill is an efficient compressor of XML data. a stack buffer overflow vulnerability exists in the command line parsing HandleFileArg function in Xmill version 0.7. An attacker could exploit the vulnerability by providing malicious input via the filepattern parameter to cause a denial of service...

Rust 安全漏洞

A security vulnerability exists in the Iced-x86 crate of Mozilla Rust version 1.10.3, which could be exploited by attackers to launch further attacks on the system...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. playXE/cgc for Mozilla Rust suffers from a memory corruption vulnerability that can be exploited by attackers to cause data contention...

Cross-Site Request Forgery (CSRF) in zhongshaofa/easyadmin

✍️ Description Attacker able to delete any menu with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks it...

Use of a Broken or Risky Cryptographic Algorithm in serghey-rodin/vesta

✍️ Description uniqid does not generate cryptographically secure strings, even if it did, supplying it with mtrand would render it insecure as an attacker would be able to gain access to a victim's account by simply knowing when they logged in, this could be used as a mass-account-takeover vector...

grub2: Heap out-of-bounds write due to miscalculation of space required for quoting

A flaw was found in grub2. Setparamprefix in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in th...

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines

Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers also used by Samsung and Xerox, which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encry...

PT-2021-3668 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 12.3 prior to 12.3R12-S19 Juniper Networks Junos OS versions 15.1 prior to 15.1R7-S10 Juniper Networks Junos OS versions 17.3 prior to 17.3R3-S12 Juniper Networks Junos OS versions 18.4 prior to 18.4R3-S9...

IBM Cloud Pak for Applications 加密问题漏洞

IBM Cloud Pak for Applications is an application from IBM USA, Inc. A security vulnerability exists in IBM Cloud Pak for Applications version 4.3, which stems from the application's use of an improper encryption algorithm. An attacker could exploit the vulnerability to be able to decrypt highly...

MTN Group: HTML injection in email content during registration via FirstName/LastName parameter

Summary: Hi, I just found an issue when register account in https://mtnmobad.mtnbusiness.com.ng//auth/registerUser It allows an attacker to inject malicious text include html code in email content. Steps To Reproduce: 1. Go to https://uat.id.manulife.ca/mortgagecreditor/register?uilocales=en-CA. ...