1555 matches found
DLL Hijacking Vulnerability in NetEase Youdao Dictionary
NetEase Youdao Dictionary is an all-around free language translation software based on search engine technology produced by Guangzhou NetEase Computer System Co. A DLL hijacking vulnerability exists in NetEase Youdao Dictionary, which can be exploited by attackers to gain server privileges...
There is a DLL hijacking vulnerability in Youdao Dictionary
Youdao Dictionary is an all-around free language translation software based on search engine technology produced by NetEase Youdao. There is a DLL hijacking vulnerability in Youdao Dictionary, which can be exploited by attackers to load a malicious DLL and execute arbitrary code...
CVE-2019-2746
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Data Dictionary). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2019-14833
A flaw was found in Samba in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASC...
Unspecified Vulnerability in Samsung Mobile Devices (CNVD-2020-32870)
Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An unspecified vulnerability exists in Samsung mobile devices, which can be exploited by attackers to perform downgrade and/or dictionary attacks...
CVE-2019-20575
An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019)...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019)...
CVE-2019-20575
The CVE-2019-20575 entry concerns Samsung mobile devices running P(9.0). The vulnerability lies in the WPA3 handshake, allowing a downgrade or dictionary attack. Affected component: WPA3 handshake implementation on Samsung devices (SVE-2019-14204 reference). The available connected records corrob...
EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2020-1231)
According to the versions of the samba packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-1231)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
maltrail
Maltrail is a malicious traffic detection system that utilizes publicly available blacklists containing malicious and/or generally suspicious trails. It also uses optional advanced heuristic mechanisms to help in discovery of unknown threats. The system can be configured to ignore certain events...
Urban Dictionary: Bypass voting restriction due to HTTP Header Injection
It is possible to bypass the voting restriction by adding a specially crafted HTTP header. The underlying algorithm uses the IP address to restrict the voting of a user. However, by manipulating the IP address via adding the HTTP header "X-Forwarded-For" it is possible to vote an entry up or down...
CVE-2020-0017
In multiple places, it was possible for the primary user's dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8...
CVE-2018-5389
It was found that IKEv1 and potentially IKEv2 authentication when using a pre-shared key (PSK) is vulnerable to offline dictionary attacks in Main Mode as well as in Aggressive Mode. A man-in-the-middle attacker who intercepted the handshake of two peers authenticating with a PSK, could apply a...
urdu.english-dictionary.help Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1074225. Security researcher MrRain1996 (helped patch 1007 vulnerabilities, received 5 Coordinated Disclosure badges, received 9 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2019-2303)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for poppler (EulerOS-SA-2016-1059)
The remote host is missing an update for the Huawei EulerOS...
Updated freeradius packages fix security vulnerabilities
Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, ...