54 matches found
EulerOS Virtualization 2.5.3 : kvm (EulerOS-SA-2019-1255)
According to the version of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating ...
CVE-2018-16048
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Missing Authorization Control for API Repository Storage...
FreeBSD : Gitlab -- multiple vulnerabilities (ffeb25d0-ac94-11e8-ab15-d8cb8abf62dd)
Gitlab reports : Persistent XSS in Pipeline Tooltip GitLab.com GCP Endpoints Exposure Persistent XSS in Merge Request Changes View Sensitive Data Disclosure in Sidekiq Logs Missing CSRF in System Hooks Orphaned Upload Files Exposure Missing Authorization Control API Repository Storage C Tenable...
Xxe
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
CVE-2018-11314
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
CVE-2018-11314
CVE-2018-11314 affects Roku and Roku TV External Control API. The vulnerability enables unauthorized remote control via DNS rebinding, potentially exposing privileged device and network information. Documented impact includes remote device control and data exfiltration on affected Roku platforms;...
CVE-2018-11314
The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
CVE-2016-8437
Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR1009695...
CVE-2016-8437
Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR1009695...
shopnc o2o版三处SQL注入打包
简要描述: 直接出数据 详细说明: 先来五个互联网实例 http://www.0795hui.com/circle/index.php?act=api&op=getthemelist&datacount=1%20procedure%20analyseextractvaluerand,concat0x3a,user,1 http://www.hfmy.cc/modules/circle/index.php?act=api&op=getthemelist&datacount=1%20procedure%20analyseextractvaluerand,concat0x3a,user,1...
Design/Logic Flaw
Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API...
CVE-2009-1037
Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API...
CVE-2009-1037
CVE-2009-1037 affects Drupal’s Send by e-mail module within the "Printer, e-mail and PDF versions" module. The vulnerability concerns the flood control API and allows remote attackers to cause unlimited spam messages via vectors related to flood control behavior. Affected versions are 5.x before ...
CVE-2009-1037
Unspecified vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to send unlimited spam messages via unknown vectors related to the flood control API...