33 matches found
CVE-2013-10075
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...
CVE-2013-10075 Apache::Session versions through 1.94 for Perl re-creates deleted sessions
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DBFile will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted...
EUVD-2017-3307
Malware in sbrugna...
EUVD-2017-3305
Malware in sbrugna...
EUVD-2017-3308
Malware in sbrugna...
EUVD-2017-3306
Malware in sbrugna...
CVE-2022-43935 Switch passwords and authorization IDs are printed in the embedded MLS DB file
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file...
Cookie-Monster - BOF To Steal Browser Cookies & Credentials
Steal browser cookies for edge, chrome and firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handles and then filelessly download the target. Once the Cookies/Login Data files are...
Unauthenticated db-file-storage views
Impact In Nautobot 1.x and 2.0.x, the URLs /files/get/?name=... and /files/download/?name=... are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job...
CVE-2023-50263 Nautobot allows unauthenticated db-file-storage views
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs /files/get/?name=... and /files/download/?name=... are used to provid...
DEBIAN-CVE-2022-4399
A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It ...
CVE-2022-43935: Switch passwords and authorization IDs are printed in the embedded MLS DB file5
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. Products Affected Brocade SANnav versions before v2.2.2 Products Confirmed Not...
UAParser.js 0.7.29 Embedded Malware
According to its self-reported version number, UAParjser.js is 0.7.29, 0.8.0 or 1.0.0. Therefore, it may be affected by an embedded malicious code vulnerability due to an hijack in the maintainer's NPM account led to including an embedded malicious crypto minor in this package. Specifically, the...
Ubiquiti Configuration Importer
This module imports an Ubiquiti device configuration. The db file within the .unf backup is the data file for Unifi. This module can take either the db file or .unf. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
CVE-2017-11696
Heap-based buffer overflow in the hashopen function in lib/dbm/src/hash.c in Mozilla Network Security Services NSS allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...
CVE-2017-11697
The hashopen function in hash.c:229 in Mozilla Network Security Services NSS allows context-dependent attackers to cause a denial of service floating point exception and crash via a crafted cert8.db file...
CVE-2017-11696
Heap-based buffer overflow in the hashopen function in lib/dbm/src/hash.c in Mozilla Network Security Services NSS allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...
CVE-2017-11698
Heap-based buffer overflow in the getpage function in lib/dbm/src/hpage.c in Mozilla Network Security Services NSS allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...
Design/Logic Flaw
The hashopen function in hash.c:229 in Mozilla Network Security Services NSS allows context-dependent attackers to cause a denial of service floating point exception and crash via a crafted cert8.db file...
CVE-2017-11695
Heap-based buffer overflow in the allocsegs function in lib/dbm/src/hash.c in Mozilla Network Security Services NSS allows context-dependent attackers to have unspecified impact using a crafted cert8.db file...