
20 matches found

Github Security Blog
added 2024/12/16 9:31 a.m. | 13 views

Mattermost Improper Validation of Specified Type of Input vulnerability

Mattermost versions 10.1.x = 10.1.2, 10.0.x = 10.0.2, 9.11.x = 9.11.4, 9.5.x = 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side webapp and mobile DoS to users of particular channels, by sending a specially crafted post...

6.5 CVSS | 6.7 AI score | 0.00523 EPSS
Exploits 0 | References 3 | Affected Software 1
Github Security Blog
added 2023/12/18 7:31 p.m. | 9 views

Maloja error page XSS vulnerability

Impact The error page for a missing path echoes the path back to the user. If this contains HTML, an attacker could execute a script on the user's machine inside the Maloja context and perform authorized actions like scrobbling or deleting scrobbles. This does not affect the security of your...

7.1 AI score
Exploits 0 | References 3 | Affected Software 1
OSV
added 2023/12/18 7:31 p.m. | 5 views

GHSA-4H72-34J6-J8X7 Maloja error page XSS vulnerability

Impact The error page for a missing path echoes the path back to the user. If this contains HTML, an attacker could execute a script on the user's machine inside the Maloja context and perform authorized actions like scrobbling or deleting scrobbles. This does not affect the security of your...

5.4 CVSS | 7.1 AI score
Exploits 0 | References 3
SUSE CVE
added 2023/07/02 2:52 a.m. | 3 views

SUSE CVE-2009-3571

Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...

9.3 CVSS | 7.1 AI score | 0.00463 EPSS
Exploits 0 | References 3
CNVD
added 2021/12/24 12:0 a.m. | 12 views

Realtek RTL8195AM Buffer Overflow Vulnerability

The Realtek RTL8195AM is an IoT microcontroller from Realtek Semiconductor Taiwan, China. The buffer overflow vulnerability exists in versions prior to Realtek RTL8195AM 2.0.10, which stems from the lack of effective handling of large text lengths in the software, resulting in a stack buffer...

9.8 CVSS | 3 AI score | 0.00615 EPSS
Exploits 0 | References 1
0day.today
added 2020/02/26 12:0 a.m. | 821 views

OpenSMTPD < 6.6.3p1 - Local Privilege Escalation / Remote Code Execution Exploit

/ LPE and RCE in OpenSMTPD's default install CVE-2020-8794 Copyright C 2020 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or at...

10 CVSS | 0.4 AI score | 0.88136 EPSS
Exploits 10
Tenable Nessus
added 2019/10/31 12:0 a.m. | 76 views

Amazon Linux 2 : httpd (ALAS-2019-1341)

A cross-site scripting vulnerability was found in Apache httpd, affecting the mod_proxy error page. Under certain circumstances, a crafted link could inject content into the HTML displayed in the error page, potentially leading to client-side exploitation. CVE-2019-10092 A vulnerability was...

7.2 CVSS | 6.2 AI score | 0.82379 EPSS
Exploits 5 | References 4
seebug.org
added 2014/04/17 12:0 a.m. | 14 views

WordPress Unconfirmed Plugin 's' Cross-Site Scripting Vulnerability

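Bugtraq ID:66781 WordPress is a blogging platform developed in PHP; users can set up their own blogs on servers that support PHP and a MySQL database. The WordPress Unconfirmed plugin does not properly filter the 's' parameter. A remote attacker can exploit the vulnerability to construct a malicious URI and lure a user into parsing it, which can expose sensitive cookies, hijack the session, or perform malicious operations on the client. 0 WordPress Unconfirmed Plugin 1.2.4 WordPress Unconfirmed version 1.2.5 fixes this vulnerability; users are advised to download and use it: http://wordpress.org/plugins/unconfirmed...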

7.1 AI score
Exploits 0
canvas
added 2013/04/17 6:55 p.m. | 47 views

Immunity Canvas: JAVA_DYNAMICBINDING

Name| javaDynamicBinding ---|--- CVE| CVE-2013-2423 Exploit Pack| CANVAS Description| javaDynamicBinding Notes| CVE Name: CVE-2013-2423 VENDOR: Sun Notes: A vulnerability in MethodHandle allows to overwrite public final fields. This can be abused in order to disable Java Sandbox. The current...

4.3 CVSS | 4.8 AI score | 0.93397 EPSS
Exploits 6
0day.today
added 2012/03/03 12:0 a.m. | 33 views

Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities

Exploit for php platform in category web applications +---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date :...

7.1 AI score
Exploits 0
ThreatPost
added 2010/01/26 7:58 a.m. | 8 views

Lessons Learned From the Aurora Attacks

It’s been more than two weeks now since the cyber-end of the cyber-world caused by the cyber-attacks on the cyber-networks of Google, Adobe and several other high tech companies, and amid all of the noise and hand-wringing there has been precious little in the way of cool, logical analysis of wha...

0.5 AI score
Exploits 0 | References 1
canvas
added 2009/10/14 10:30 a.m. | 40 views

Immunity Canvas: MS09_051

Name| ms09051 ---|--- CVE| CVE-2009-0555 Exploit Pack| CANVAS Description| ASFAudiomedia Parsing bug Notes| CVE Name: CVE-2009-0555 VENDOR: Microsoft MSADV: MS09-051 Repeatability: One Shot MSRC: http://www.microsoft.com/technet/security/Bulletin/MS09-051.mspx Note: This is a client-side exploit ...

9.3 CVSS | 2.8 AI score | 0.27788 EPSS
Exploits 1
UbuntuCve
added 2009/10/06 8:30 p.m. | 12 views

CVE-2009-3571

Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...

9.3 CVSS | 5.8 AI score | 0.00463 EPSS
Exploits 0 | References 1
Cvelist
added 2009/10/06 8:19 p.m. | 16 views

CVE-2009-3571

Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...

6.4 AI score | 0.00463 EPSS
Exploits 0 | References 4
Packet Storm
added 2006/05/21 12:0 a.m. | 42 views

eBD-en.txt

=============================== - Advisory - =============================== Tittle: Several flaws in e-business designer Risk: Critical Date: 03.May.2006 Author: Pedro Andújar URL: http://www.digitalsec.es http://www.514.es/ .: INTRO :. eBD is an Integrated Development Environment for the...

7.4 AI score
Exploits 0
canvas
added 2006/04/12 12:2 a.m. | 60 views

Immunity Canvas: MS06_014

Name| ms06014 ---|--- CVE| CVE-2006-0003 Exploit Pack| CANVAS Description| RDS Datastore MS06-014 Notes| CVE Name: CVE-2006-0003 VENDOR: Microsoft MSADV: MS06-014 Repeatability: Infinite client side - no crash MSRC: http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx CVE Url:...

5.1 CVSS | 0.5 AI score | 0.91596 EPSS
Exploits 6
exploitpack
added 2004/12/15 12:0 a.m. | 13 views

MPlayer 0.91.0 - MMST Get_Header Remote Client-Side Buffer Overflow

MPlayer 0.91.0 - MMST GetHeader Remote Client-Side Buffer Overflow // source: https://www.securityfocus.com/bid/11962/info A remote, client-side buffer overflow vulnerability reportedly affects MPlayer. This issue is due to a failure of the application to properly validate the length of...

0.5 AI score
Exploits 0
FreeBSD Advisory
added 2000/11/20 12:0 a.m. | 7 views

FreeBSD-SA-00:72.curl

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:72 Security Advisory FreeBSD, Inc. Topic: curl client-side vulnerability Category: ports Module: curl Announced: 2000-11-20 Credits: Wichert Akkerman Affects: Ports...

6.5 AI score
Exploits 0
Exploit DB
added 2000/08/01 12:0 a.m. | 23 views

Weblogic 3.1.8/4.0.4/4.5.1 - Remote Command Execution

source: https://www.securityfocus.com/bid/1525/info In February of 2000 CERT Coordination Center released an advisory titled "Malicious HTML Tags Embedded in Client Web Requests" advisory attached in 'Credit' section". This advisory was a joint release by the CERT Coordination Center, DoD-CERT, t...

7.4 AI score
Exploits 0
exploitpack
added 1999/11/04 12:0 a.m. | 10 views

Microsoft Internet Explorer 45 Outlook 98 - window.open Redirect

Microsoft Internet Explorer 45 Outlook 98 - window.open Redirect Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Outlook 98 0 window.open Redirect Vulnerability source: https://www.securityfocus.com/bid/766/info...

7.4 AI score
Exploits 0