105 matches found

OSV
added 2021/08/12 10:15 p.m. · 1 view

CVE-2021-28890

J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast/sys/user/list, (2) deptId parameter to fast/sys/role/list, or (3) roleId parameter to fast/sys/role/authUser/list, related to the use of $ to join SQL statements...

9.8 CVSS · 5.9 AI score · 0.00478 EPSS
Exploits 1 · References 1
CNVD
added 2021/06/06 12:00 a.m. · 4 views

Unspecified Vulnerability in Accusoft ImageGear (CNVD-2021-41083)

Accusoft ImageGear is a software development kit (SDK) for image processing from Accusoft, USA. A security vulnerability exists in Accusoft ImageGear versions 19.8 and 19.9, which stems from an out-of-bounds write vulnerability in the program's JPG comp header processing functionality that can be...

9.8 CVSS · 6.8 AI score · 0.00397 EPSS
Exploits 1 · References 1
Positive Technologies
added 2019/10/13 12:00 a.m. · 2 views

PT-2019-5181 · Ncurses +8

Name of the Vulnerable Software and Affected Versions: ncurses versions prior to 6.1-20191012

Description: The issue is related to a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c of the terminfo library. This could allow a remote attacker to disclose protected...

8.8 CVSS · 6.5 AI score · 0.0051 EPSS
Exploits 6 · References 81
Openbugbounty
added 2019/01/04 1:09 a.m. · 10 views

bilan-de-comp XSS vulnerability

Open Bug Bounty ID: OBB-719809

Description | Value
---|---
Affected Website: | bilan-de-comp
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | hidden...

0.1 AI score
Exploits 0
NVD
added 2018/11/26 7:29 a.m. · 17 views

CVE-2018-19558

An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php...

9.8 CVSS · 9.9 AI score · 0.00264 EPSS
Exploits 1 · References 1
Prion
added 2018/11/26 7:29 a.m. · 15 views

Sql injection

An issue was discovered in arcms through 2018-03-19. SQL injection exists via the json/newslist limit parameter because of ctl/main/Json.php, ctl/main/service/Data.php, and comp/Db/Mysql.php...

7.5 CVSS · 9.8 AI score · 0.00264 EPSS
Exploits 1 · References 1 · Affected Software 1
OSV
added 2018/07/12 8:29 p.m. · 1 view

UBUNTU-CVE-2018-14015

The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input validation in r_bin_dwarf_parse_comp_unit in libr/bin/dwarf.c...

5.5 CVSS · 6.1 AI score · 0.00226 EPSS
Exploits 1 · References 3
OSV
added 2018/04/30 5:29 p.m. · 1 view

CVE-2018-9310

An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system...

7.8 CVSS · 5.8 AI score · 0.00039 EPSS
Exploits 0 · References 1
Trend Micro Simply Security
added 2018/04/10 1:00 p.m. · 21 views

Independent lab tests again prove the excellence of Trend Micro Mobile Security for Android

Submitted by Ian Grutze

For the fourth year in a row, as shown in AV Comparatives’ Anti-Virus Comparative Android Test 2018 - January 2018, Trend Micro Mobile Security for Android shows it provides 100% protection against malware. In this independent lab test, more than 200 mobile security produc...

0.5 AI score
Exploits 0
Openbugbounty
added 2018/03/17 5:08 p.m. · 12 views

comp-art.pl XSS vulnerability

Open Bug Bounty ID: OBB-581685

Description | Value
---|---
Affected Website: | comp-art.pl
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits 0
CNVD
added 2018/02/08 12:00 a.m. · 1 view

CCN-lite Memory Disclosure Vulnerability

CCN-lite is a lightweight and functionally interoperable implementation of the CCNx protocol for XEROX PARC. A memory leak vulnerability exists in CCN-lite versions prior to 2.0.0. An attacker can cause a denial of service (memory consumption) by exploiting a failure to allocate memory for comp or...

7.5 CVSS · 6.7 AI score · 0.00334 EPSS
Exploits 0 · References 1
NVD
added 2018/02/07 5:29 p.m. · 13 views

CVE-2017-12467

Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member...

7.5 CVSS · 7.4 AI score · 0.00334 EPSS
Exploits 0 · References 2
OSV
added 2017/10/05 1:29 a.m. · 2 views

DEBIAN-CVE-2017-15022

dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a craft...

5.5 CVSS · 6.5 AI score · 0.00261 EPSS
Exploits 0 · References 1
n0where
added 2017/09/20 4:12 a.m. · 61 views

Credentials Recovery: The LaZagne Project

The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwor...

Exploits 0 · References 2
OSV
added 2017/08/29 6:29 a.m. · 3 views

UBUNTU-CVE-2017-13728

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack...

7.5 CVSS · 6.8 AI score · 0.00186 EPSS
Exploits 1 · References 3
OSV
added 2017/02/24 12:00 a.m. · 2 views

UBUNTU-CVE-2016-4491

The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having "itself as ancestor more than once."...

5.5 CVSS · 7 AI score · 0.0052 EPSS
Exploits 0 · References 7
OSV
added 2016/05/11 9:59 p.m. · 0 views

CVE-2016-1236

Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 3
hackapp
added 2016/04/01 9:24 a.m. · 7 views

ASMC GmbH - The Adventure Comp - Certificates or keys found, Suspicious files vulnerabilities

HackApp vulnerability scanner discovered that application ASMC GmbH - The Adventure Comp published at the 'play' market has multiple vulnerabilities...

0.5 AI score
Exploits 0 · References 1 · Affected Software 1
ThreatPost
added 2014/11/11 12:40 p.m. · 14 views

Stuxnet's First Five Victims Provided Path to Natanz

Stuxnet’s first five victims were a carefully crafted list of targets that ultimately provided the attackers with the road map they needed to get inside a uranium enrichment plant in Natanz, Iran and disrupt the country’s nuclear program. Cobbled together from clues left behind by the infamous...

1.3 AI score
Exploits 0 · References 1
RedHat Linux
added 2011/05/31 2:03 p.m. · 2 views

Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in

Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run...

7.5 CVSS · 6.5 AI score · 0.22756 EPSS
Exploits 1 · References 4