1118 matches found
Sql injection
dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /api/v1/containers orderby parameter. The PaginatorOrdered classes that are used to paginate results of a REST endpoints do not sanitize the orderBy parameter and in some cases it is vulnerable to SQL injection attacks. A user mus...
Command Execution Vulnerability in Homework Help Live Classes Student Side PC Client Software
Homework Help Live Classes is a premium online live tutoring product under Homework Help. Homework Help Live Classes student-side pc client software has a command execution vulnerability that can be exploited by an attacker to inject an executable DLL file into the client process. An attacker can...
Online Learning Management System 1.0 Cross Site Scripting
Exploit Title: Online Learning Management System 1.0 - Multiple Stored XSS Exploit Author: Aakash Madaan Godsky Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html Software Link:...
Deserialization Of Untrusted Object
jackson-databind is vulnerable to deserialization of untrusted data that can lead to remote code execution. It is possible because untrusted classes org.apache.commons.dbcp2.datasources.SharedPoolDataSource was not filtered by default from the interaction between serialization gadgets and...
Smart DNS for the New Network: Optimizing Content Delivery
This is the third in a series of blog posts that will discuss how smart DNS resolvers can enhance ongoing internet service provider ISP and mobile network operator MNO network transformation efforts, such as the transition to 5G, better integration of Wi-Fi, and new network designs that optimize...
CVE-2020-28923
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON...
CVE-2020-14193
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & /jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are thos...
Sql injection
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & /jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are thos...
Template injection vulnerability in Automation for Jira smart values - CVE-2020-14193
Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & /jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are thos...
Information Disclosure
Moodle uses insecure access control. The deprecated configuration Authenticator.whitelist, which should be transparently mapped to Authenticator.allowedusers with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If...
python: DoS via inefficiency in IPv{4,6}Interface classes
A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects,...
python: DoS via inefficiency in IPv{4,6}Interface classes
A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects,...
python: DoS via inefficiency in IPv{4,6}Interface classes
A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects,...
Moderate: python38:3.8 security, bug fix, and enhancement update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...
OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
python: DoS via inefficiency in IPv{4,6}Interface classes
A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects,...
python: DoS via inefficiency in IPv{4,6}Interface classes
A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects,...
Moderate: Red Hat Security Advisory: rh-python36 security, bug fix, and enhancement update
An update for rh-python36-python, rh-python36-python-pip, and rh-python36-python-virtualenv is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives...
mail.vietnamesecookingclasses.com Cross Site Scripting vulnerability OBB-1422429
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...