Lucene search

2033 matches found

CNVD
added 2020/04/22 12:0 a.m., 2 views

Git Input Validation Error Vulnerability (CNVD-2020-33252)

Git is a free, open source distributed version control system. An input validation error vulnerability exists in Git. An attacker can exploit this vulnerability to disclose sensitive information via a specially crafted malicious URL...

CVSS: 7.5, AI score: 9, EPSS: 0.03899
Exploits: 0, References: 1

0day.today
added 2020/04/16 12:0 a.m., 49 views

Macs Framework 1.14f CMS - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications
Title: Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
Software Link: https://sourceforge.net/projects/macs-framework/files/latest/download
CVE: N/A
Document Title: Macs Framework v1.14f CMS - Multiple Web...

Exploits: 0

Packet Storm
added 2020/04/15 12:0 a.m., 135 views

Macs Framework 1.14f Cross Site Scripting / SQL Injection

Document Title: Macs Framework v1.14f CMS - Multiple Web Vulnerabilities
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2206
Release Date: 2020-04-14
Vulnerability Laboratory ID (VL-ID): ...

AI score: 0.5
Exploits: 0

Exploit DB
added 2020/04/15 12:0 a.m., 182 views

AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting

Title: AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting
Author: Vulnerability Laboratory
Date: 2020-04-15
Vendor: http://www.app2pro.com
Software Link: https://apps.apple.com/us/app/airdisk-pro-wireless-flash/id505904421
CVE: N/A
Document Title: AirDisk Pro v5.5.3 iOS -...

AI score: 7.4
Exploits: 0

Vulnerability Lab
added 2020/04/15 12:0 a.m., 52 views

TAO AP v3.3.0 RC02 - Multiple Web Vulnerabilities

Document Title: TAO AP v3.3.0 RC02 - Multiple Web Vulnerabilities
References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2215
Release Date: 2020-04-15
Vulnerability Laboratory ID (VL-ID): 2215...

AI score: 7.4
Exploits: 0

RedHat Linux
added 2020/04/14 1:4 p.m., 2 views

HTTP/2: request for large response leads to denial of service

A vulnerability was found in HTTP/2. An attacker can open an HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...

CVSS: 7.8, AI score: 7.2, EPSS: 0.2789
Exploits: 0, References: 7

Veracode
added 2020/04/10 12:53 a.m., 35 views

Use-after-free

WebKitGTK+ is vulnerable to use-after-free. It is possible for remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing...

CVSS: 9.8, AI score: 7.3, EPSS: 0.02307
Exploits: 1, References: 16, Affected Software: 1

CNVD
added 2020/04/09 12:0 a.m., 2 views

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-31270)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). Samsung mobile devices have a security vulnerability that can be exploited by attackers to run applications in a locked Secure Folder without a password...

CVSS: 6.2, AI score: 6.8, EPSS: 0.00151
Exploits: 0, References: 1

OSV
added 2020/04/03 9:48 p.m., 2 views

GHSA-VH95-RMGR-6W4M Prototype Pollution in minimist

Affected versions of minimist are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument --proto.y=Polluted...

CVSS: 5.6, AI score: 7.1, EPSS: 0.01884
Exploits: 2, References: 9

OSV
added 2020/04/03 12:15 a.m., 14 views

CVE-2020-5283

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the...

CVSS: 3.5, AI score: 5.7
Exploits: 0, References: 4

UbuntuCve
added 2020/04/03 12:15 a.m., 17 views

CVE-2020-5283

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS showsubdirlastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the...

CVSS: 3.5, AI score: 6, EPSS: 0.01216
Exploits: 1, References: 4

Debian CVE
added 2020/04/03 12:10 a.m., 15 views

CVE-2020-5283

Removed by vendor...

CVSS: 3.5, AI score: 4.7, EPSS: 0.01216
Exploits: 1

CNVD
added 2020/03/27 12:0 a.m., 1 views

Memory Corruption Vulnerability in DCCE HMIware at Dalian Polytechnic Computer Control Engineering Co.

DCCE HMIware configuration editing software is a special human-machine interface configuration software developed for DCCE touch screens. The software provides users with a powerful integrated development environment, and the product is widely used in the fields of medical, chemical, electric power,...

AI score: 7
Exploits: 0

CNVD
added 2020/03/25 12:0 a.m., 1 views

Arbitrary File Read Vulnerability in AppVision's Video Surveillance System

Applusoft specializes in UHD, ultra-long focus, multi-spectral, thermal imaging products, technical services and overall customized solutions. AppVision's video surveillance system has an arbitrary file reading vulnerability, the vulnerability is due to its video surveillance backend does not do...

AI score: 6.9
Exploits: 0

CNVD
added 2020/03/25 12:0 a.m., 4 views

Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-30402)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to obtain thumbnails of content in private mode...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00345
Exploits: 0, References: 1

ripstech
added 2020/03/24 11:0 a.m., 28 views

ImpressCMS 1.3.11 - Why you should not trust PHP_SELF

We scanned the at the time current version 1.3.11 of ImpressCMS and found an unauthorized SQL Injection vulnerability. The exploit affects installations that use PDO as a database driver. The issue was fixed in version 1.4.0, though the patch does not follow best practices and might not be...

AI score: 7.7
Exploits: 0

ThreatPost
added 2020/03/23 6:27 p.m., 87 views

Microsoft Warns of Critical Windows Zero-Day Flaws

Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in “limited, targeted” attacks, the company said. According to Microsoft, two remote code execution vulnerabilities exist i...

AI score: 9.1, EPSS: 0.0552
Exploits: 1, References: 11

CNVD
added 2020/03/17 12:0 a.m., 1 views

Fuji Xerox printers buffer overflow vulnerability

Fuji Xerox is the world's largest manufacturer of digital and information technology products and a Fortune 500 company. Fuji Xerox series of printer products can meet a variety of different business needs. A wide range of black and white color digital printers offer high performance and quality....

CVSS: 10, AI score: 7.6, EPSS: 0.02813
Exploits: 0, References: 1

CNVD
added 2020/03/12 12:0 a.m., 4 views

Microsoft Windows Graphics Component Privilege Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. Graphics Components is one of the graphics components. A privilege vulnerability exists in...

CVSS: 7.8, AI score: 6.8, EPSS: 0.01092
Exploits: 0, References: 1

OSV
added 2020/03/11 2:15 p.m., 3 views

CVE-2020-10376

Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffing the network for an "Authorization: Basic" HTTP header...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01064
Exploits: 0, References: 1