6043 matches found
CVE-2018-20408
An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls...
CVE-2018-20408
An issue was discovered in Bento4 1.5.1-627. There is a memory leak in AP4StdcFileByteStream::Create in System/StdC/Ap4StdCFileByteStream.cpp, as demonstrated by mp42hls...
UBUNTU-CVE-2018-20409
An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls...
FUEL CMS Cross-Site Request Forgery Vulnerability (CNVD-2019-07072)
FUEL CMS is a content management system based on CodeIgniter. FUEL CMS 1.4.3 suffers from a cross-site request forgery vulnerability that can be exploited to add an administrator account via users/create/...
CVE-2018-20188
CVE-2018-20188 affects FUEL CMS 1.4.3, where a cross-site request forgery (CSRF) via the /users/create/ endpoint can be abused to add an administrator account. The connected Red Hat/ENISA/CNVD/NVD sources corroborate the same description, indicating the vulnerability status and impact as describe...
kernel: Use-after-free in snd_seq_ioctl_create_port()
A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation...
postgresql: Missing authorization and memory disclosure in INSERT ... ON CONFLICT DO UPDATE statements
It was discovered that PostgreSQL failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain "INSERT" and limit...
CVE-2018-2497
SAP HANA audit logs fail to record SELECT events when they appear as part of CREATE TABLE AS SELECT in versions 1.0 and 2.0. This could leave such statements partially unlogged, limiting audit visibility for these CREATE TABLE AS SELECT constructs. The provided documents do not include a patch/r...
Code injection
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...
CVE-2018-2497
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...
CVE-2018-2497
The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...
Amazon Linux AMI : postgresql95 (ALAS-2018-1118)
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...
Amazon Linux AMI : postgresql96 (ALAS-2018-1119)
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with 'host' or 'hostaddr' connection parameters from untrusted input, attackers could bypass client-side...
aniloptiklens.com XSS vulnerability
Open Bug Bounty ID: OBB-707698 Description| Value ---|--- Affected Website:| aniloptiklens.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidde...
Buffalo TS5600D1206 Command Injection Vulnerability (CNVD-2019-00674)
The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. A command injection vulnerability exists in the User.create method in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited to execute system commands with the 'name' parameter...
CVE-2018-13318
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...
CVE-2018-13318
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter...
CVE-2018-19410
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges including administrator. A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local...
kernel: Integer overflow in Linux's create_elf_tables function
An integer overflow flaw was found in the Linux kernel's createelftables function. An unprivileged local user with access to SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...