208 matches found
CVE-2018-11330
Pluck CMS (before 4.7.6) is affected by an authenticated stored XSS vulnerability due to improper restriction of the character set for filenames. This is consistently reported across CVE-2018-11330 entries in NVD, Red Hat, CNVD, OSV, and related records. No exploit details or remediation version ...
CVE-2018-11330
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted...
Fedora 26 : glibc (2017-2c63df4fe3)
This update addresses various minor issues in the glibc package : - The DNS stub resolver now picks up changes to /etc/resolv.conf automatically RHBZ1374239. - The DNS stub resolver supports an unlimited number of search domains RHBZ168253. - CVE-2015-5180, a segmentation fault potentially...
[SECURITY] Fedora 25 Update: recode-3.6-43.fc25
The recode' converts files between character sets and usages. It recognizes or produces nearly 150 different character sets and is able to transliterate files between almost any pair. When exact transliteration are not possible, it may get rid of the offending characters or fall back on...
SQL Injection
opencart is vulnerable to SQL injection attacks. It is possible because it uses improper character set in mysql.php at the server level, allowing the attackers to perform multi-byte attack...
Default credentials
DISPUTED An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited s...
CVE-2017-9853
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of...
Sql injection
In install/pagedbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of GBK in CHARACTER SET and COLLATE clauses...
F5 Networks BIG-IP : Linux kernel vulnerability (K90803619)
Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a 'double fetch' vulnerability. CVE-2016-6136 Impact Locall...
TYPO3 News Module SQL Injection
Exploit Title: TYPO3 News Module SQL Injection Vendor Homepage: https://typo3.org/extensions/repository/view/news Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/typo3-news-module-sqli !/usr/bin/python3 TYPO3 News Module SQL Injection...
Mastery OA /general/ems/manage/search_excel. php file SQL injection vulnerabilities
Width byte injection occurs the position is that PHP sends a request to the MYSQL character set to use the charactersetclient setting a value for an encoding, the GET parameters if it contains“%df%27”, addslashes encoded into‘\’ variable“%df%5c%27”, in MySQL in the processing use the gbk characte...
CVE-2016-6136
Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...
CVE-2016-6136
Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...
CVE-2016-6136
Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...
CVE-2016-6136
CVE-2016-6136 is a Linux kernel race condition in audit_log_single_execve_arg (auditsc.c) that can allow a local user to bypass character-set restrictions or disrupt system-call auditing via a double-fetch flaw. Connected advisories confirm multiple vendors map this CVE to Linux kernel fixes; rem...
CVE-2016-6136
Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...
CVE-2016-6136
Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...
UBUNTU-CVE-2016-6136
Race condition in the auditlogsingleexecvearg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability...
CVE-2015-8708
Stack-based buffer overflow in the conveuctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614...
CVE-2015-8708
Stack-based buffer overflow in the conveuctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614...