
2025 matches found

Prion
added 2023/02/09 8:15 p.m. | 22 views

Denial of service

A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of servi...

CVSS: 5 | AI score: 7.2 | EPSS: 0.01617
Exploits: 0 | References: 3 | Affected Software: 1

OSSF Malicious Packages
added 2023/02/09 6:24 p.m. | 2 views

Malicious code in ccx (PyPI)

Source: checkmarx 4b65e79327daa2cc5ec5b36d4f94dde43607d8cb595f276122659ef69d86a25a. Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

AI score: 6.7
Exploits: 0 | References: 1

CVE
added 2023/02/09 12:0 a.m. | 303 views

CVE-2022-44571

CVE-2022-44571 describes a denial-of-service in Rack’s Content-Disposition parsing, impacting applications that parse multipart posts (virtually all Rails apps). The issue can be triggered by crafted input causing extended parsing time. Fixed in Rack versions 2.0.9.2, 2.1.4.2, 2.2.4.1, and 3.0.0....

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01503
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2023/02/08 12:0 a.m. | 3 views

Future-Depth Institutional Management Website Code Issue Vulnerability

Future-Depth Institutional Management Website is a user-friendly institutional website from the individual developers at Future-Depth that offers various types of courses for students. A security vulnerability exists in Future-Depth Institutional Management Website IMS version 1.0. An attacker...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.00872
Exploits: 1 | References: 2

The Hacker News
added 2023/02/01 1:56 p.m. | 31 views

Experts Warn of 'Ice Breaker' Cyberattacks Targeting Gaming and Gambling Industry

A new attack campaign has been targeting the gaming and gambling sectors since at least September 2022, just as the ICE London 2023 gaming industry trade fair event is scheduled to kick off next week. Israeli cybersecurity company Security Joes is tracking the activity cluster under the name Ice...

AI score: 1
Exploits: 0

Prion
added 2023/01/27 2:15 p.m. | 16 views

Open redirect

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...

CVSS: 4.3 | AI score: 4.1 | EPSS: 0.00323
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/01/27 12:0 a.m. | 21 views

CVE-2022-44717

An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...

AI score: 4.1 | EPSS: 0.0028
Exploits: 0 | References: 1

RedHat Linux
added 2023/01/26 9:42 a.m. | 3 views

xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...

AI score: 7.3
Exploits: 0 | References: 4

CVE
added 2023/01/24 12:3 p.m. | 47 views

CVE-2023-0284

CVE-2023-0284 affects Checkmk with improper input validation of LDAP user IDs. Affected: Checkmk <= 2.1.0p19, Checkmk

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.00921
Exploits: 0 | References: 1 | Affected Software: 2

Mageia
added 2023/01/24 7:58 a.m. | 48 views

Updated viewvc packages fix security vulnerability

ViewVC is vulnerable to cross-site scripting. The impact of these vulnerabilities is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by an otherwise trusted ViewVC instance. The attack vector involves files with unsafe names (names that, when...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00694
Exploits: 1 | References: 2

Vulnrichment
added 2023/01/23 2:31 p.m. | 7 views

CVE-2022-4443 BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF

The BruteBank WordPress plugin before 1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

AI score: 7 | EPSS: 0.00332
Exploits: 2 | References: 1

CNNVD
added 2023/01/17 12:0 a.m. | 2 views

RONDS EPM Information Disclosure Vulnerability

RONDS EPM is an application from RONDS, Inc. An information disclosure vulnerability exists in RONDS EPM version 1.19.5. An attacker could exploit this vulnerability to execute operating system (OS) commands...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00629
Exploits: 0 | References: 2

CNNVD
added 2023/01/16 12:0 a.m. | 25 views

Froxlor Command Injection Vulnerability

Froxlor is a lightweight server management software from the Froxlor team. A command injection vulnerability exists in Froxlor versions prior to 2.0.8, which stems from the presence of command injection...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.97653
Exploits: 8 | References: 6

Vulnrichment
added 2023/01/11 9:39 p.m. | 5 views

CVE-2017-16310

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

CVSS: 8.5 | AI score: 8 | EPSS: 0.00673
Exploits: 0 | References: 1

Positive Technologies
added 2023/01/11 12:0 a.m. | 3 views

PT-2023-10544 · Smarthome · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012
Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel. Specially crafted commands sent through the PubNub service can cause a stack-based buffer...

CVSS: 9.9 | AI score: 8.8 | EPSS: 0.00853
Exploits: 1 | References: 3

OSV
added 2023/01/10 8:15 p.m. | 0 views

UBUNTU-CVE-2023-0135

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. Chromium security severity: Medium...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00452
Exploits: 0 | References: 4

Code423n4
added 2023/01/03 12:0 a.m. | 10 views

TokenggAVAX.sol : First depositor can break minting of shares

Lines of code | Vulnerability details | Impact: A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...

AI score: 6.8
Exploits: 0

CNNVD
added 2022/12/29 12:0 a.m. | 3 views

memos Security Vulnerability

memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos, which can be exploited by an attacker to change a user's language preference...

CVSS: 8.3 | AI score: 7.1 | EPSS: 0.00642
Exploits: 1 | References: 3

BDU FSTEC
added 2022/12/24 12:0 a.m. | 3 views

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

CVSS: 5.5 | AI score: 5.6 | EPSS: 0.00708
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2022/12/22 10:15 p.m. | 25 views

Heap overflow

A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger...

CVSS: 6.4 | AI score: 8.8 | EPSS: 0.01458
Exploits: 1 | References: 4 | Affected Software: 2