7 matches found

NVD
added 2023/12/08 3:15 p.m., 13 views

CVE-2023-49443

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack...

CVSS 9.8, EPSS 0.00072
Exploits 1, References 1
CVE
added 2023/12/08 12:0 a.m., 47 views

CVE-2023-49443

CVE-2023-49443 affects DoraCMS v2.1.8. The root cause is re-use of the same code to verify usernames and passwords, enabling brute-force access to the application. Documents describe impact as attacker access via brute force over the network (no user interaction). Mitigation in the sources includ...

CVSS 9.8, AI score 9.5, EPSS 0.00072
Exploits 1, References 1, Affected Software 1
Talos Blog
added 2022/07/27 4:22 p.m., 77 views

Vulnerability Spotlight: How a code re-use issue led to vulnerabilities across multiple products

By Francesco Benvenuto. Recently, I was performing some research on a wireless router and noticed the following piece of code:...

CVSS 7.5, AI score 0.4, EPSS 0.03958
Exploits 5
NVD
added 2018/02/27 5:29 a.m., 16 views

CVE-2018-4911

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The...

CVSS 8.8, AI score 8.6, EPSS 0.03981
Exploits 0, References 3
Prion
added 2018/02/27 5:29 a.m., 16 views

Heap overflow

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file...

CVSS 6.8, AI score 8.5, EPSS 0.08522
Exploits 0, References 3, Affected Software 4
Prion
added 2018/02/27 5:29 a.m., 15 views

Design/Logic Flaw

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The...

CVSS 6.8, AI score 8.4, EPSS 0.03981
Exploits 0, References 3, Affected Software 4
ThreatPost
added 2011/04/19 4:12 p.m., 7 views

Report: Application Security Still Mostly Sucks

The third State of Software Security SOSS report finds that software developers are still doing a poor job of making applications secure. Application testing firm Veracode, which compiled the report, found that 58% of almost 5,000 applications failing a security audit on the first pass – about th...

AI score 0.1
Exploits 0, References 2