openstack-manila: User with share-network UUID is able to show, create and delete shares
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...
Denial Of Service (DoS)
SQLite is vulnerable to denial of service (DoS). In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...
app.campizza.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1157522 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c
It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing...
dnsmasq: memory leak in the create_helper() function in /src/helper.c
A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory lea...
Pixl-class Operating System Command Injection Vulnerability
pixl-class is a Node.js module for creating classes with inheritance and mixins. An operating system command injection vulnerability exists in pixl-class versions prior to 1.0.3. The vulnerability can be exploited to execute arbitrary commands with the 'member' parameter in the 'create' function...
CVE-2020-7640
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization...
Code injection
pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization...
CVE-2020-7640
CVE-2020-7640 describes an OS command injection in pixl-class prior to version 1.0.3. The vulnerability arises because the members parameter of the create function is not sanitized, allowing an attacker to execute arbitrary commands. Affected: pixl-class (Node.js module) before 1.0.3. Impact per ...
CVE-2020-12129
The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function...
Cross site scripting
The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder parameter of the Create Folder function...
Oracle Financial Services Applications Financial Services Liquidity Risk Management Unauthorized Access Vulnerability
Oracle Financial Services Liquidity Risk Management is a component (User Interface) of Oracle Financial Services Applications, a product of Oracle Corporation. Oracle Financial Services Applications Financial Services...
CVE-2020-2737
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via...
CVE-2020-2735
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise...
Octech Oempro Cross-Site Scripting Vulnerability (CNVD-2020-25974)
Octech Oempro is a suite of email marketing software from Octech USA. A cross-site scripting vulnerability exists in the 'CampaignName' parameter of the Campaign.Create command in Octech Oempro versions 4.7 through 4.11. The vulnerability stems from a lack of proper validation of client-side data...
CVE-2020-9461
Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable...
CVE-2020-9460
Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable...
Denial Of Service (DoS)
MySQL is vulnerable to denial of service. A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that define NULL columns when using the InnoDB storage engine could allow a remote, authenticated attacker to crash mysqld...
Secdo: Privilege escalation via hardcoded script path
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk C:\ to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo...