10 matches found
Session Fixation
Overview: better-auth is the most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Session Fixation via the constantTimeEqual function in the crypto/buffer.ts file. An attacker can cause arbitrary user sessions to be revoked by forging...
WebServer security vulnerability
WebServer is a C++ Linux web server by MARK Individual Developers. A security vulnerability exists in WebServer version 1.0, which stems from a buffer overflow caused by the operation of the Buffer::HasWritten function on the writePos parameter in file code/buffer/buffer.cpp...
SUSE CVE-2023-5003
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so...
PT-2023-18475 · Qualcomm · Qualcomm Chipsets
Name of the Vulnerable Software and Affected Versions: Qualcomm Chipsets (affected versions not specified). Description: The issue is related to memory corruption in the camera while installing a file descriptor for a particular DMA buffer. This can potentially lead to code execution. Recommendation...
CVE-2023-5003
The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so...
PT-2023-31457 · WordPress · Active Directory Integration / Ldap Integration
Name of the Vulnerable Software and Affected Versions: Active Directory Integration / LDAP Integration WordPress plugin versions prior to 4.1.10. Description: The issue concerns the storage of sensitive LDAP logs in a buffer file when an administrator exports them. Unfortunately, this log file is...
Google protobuf code issue vulnerability
Google protobuf is a data interchange format from Google, Inc. A code issue vulnerability exists in Google protobuf that stems from Nullptr dereferencing when null characters are present in the original symbol. The symbols are parsed incorrectly, resulting in an unchecked call to the name of the...
[slackware-security] curl
New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.55.0-i586-1slack14.2.txz: Upgraded. This update fixes three security issues: URL globbing out of...
pgpdump resource management error vulnerability
pgpdump is a PGP visualization toolkit for displaying OpenPGP format messages. A security vulnerability exists in the 'readbinary' function in the buffer.c file in versions of pgpdump prior to 0.30. An attacker can exploit this vulnerability with the help of specially crafted input to cause a...
Solaris <= 2.6 Profiling File Creation Vulnerability
No description provided by source. (Source: http://www.securityfocus.com/bid/659/info) A vulnerability in the dynamic linkers while profiling a shared object allows local users to create arbitrary files in the system. It cannot be used to overwrite existing files. If the LDPROFILE environment...