The vulnerability of the HTTP_ST component in the D-Link DIR-859 router’s firmware arises from the failure to neutralize special elements used in operating system commands. This vulnerability allows a perpetrator to execute arbitrary commands.
The vulnerability of the HTTPST component in the D-Link DIR-859 router’s firmware exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the REMOTE_PORT component of the D-Link DIR-859 router’s firmware exists due to the failure to neutralize special elements used in operating system commands. This vulnerability allows a hacker to execute arbitrary commands.
The vulnerability of the REMOTEPORT component of the D-Link DIR-859 router’s firmware exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the Linux operating system’s kernel exists due to the lack of measures taken to neutralize special elements used in the operating system’s command line. This allows attackers to execute arbitrary code.
The vulnerability of the Linux operating system’s kernel exists because measures to neutralize special elements used in the operating system commands have not been implemented. Exploiting this vulnerability allows an attacker to execute arbitrary code...
CVE-2018-1000632
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...
openSUSE Security Update : librsvg (openSUSE-2020-343)
This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numb...
SUSE SLED15 / SLES15 Security Update : librsvg (SUSE-SU-2020:0629-1)
This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...
CVE-2020-10247
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sightingfield.ctp...
Design/Logic Flaw
MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/Events/View/sightingfield.ctp...
Cross-Site Scripting (XSS)
@instructure/ui-elements is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to lack of proper truncation of texts in argument Text in 'Truncator.js', allowing an attacker to inject malicious scripts...
FreeBSD : librsvg2 -- multiple vulnerabilities (b66583ae-5aee-4cd5-bb31-b2d397f8b6b3)
Librsvg2 developers report: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...
The vulnerability of the File.fnmatch method in the Ruby programming language allows a hacker to gain unauthorized access to protected information.
The vulnerability of the File.fnmatch method in the Ruby programming language exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using a specially...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
librsvg2 -- multiple vulnerabilities
Librsvg2 developers report: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...
Mozilla: Incorrect parsing of template tag could result in JavaScript injection
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...
The vulnerability of the Necko web library in the Firefox browser is related to an access failure to child elements during an incorrect flow during the UDP connection. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Necko web library in the Firefox browser is related to an access error for a child element during a wrong transmission process in a UDP connection. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause...
The vulnerability of the SAP Gateway development environment and the SAP UI5 software platform, which exists due to the lack of measures to neutralize special elements, allows attackers to compromise data integrity.
The vulnerability of the SAP Gateway and the SAP UI5 software platform exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability can allow a malicious actor to compromise data integrity from a remote location...
The vulnerability of the Apache SpamAssassin spam filtering software lies in its failure to address the neutralization of special elements used in the operating system command line. This allows attackers to execute arbitrary commands on the target system.
The vulnerability of the Apache SpamAssassin spam filtering software exists because measures are not taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system by loadi...
The vulnerability of D-Link DIR-818Lx, DIR-822, DIR-823, DIR-859, DIR-865L, DIR-868L, DIR-869, DIR-880L, DIR-890L/R, DIR-885L/R, and DIR-895L/R routers stems from the failure to address the issue of eliminating special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands on behalf of the root user in the target system.
The vulnerability of D-Link DIR-818Lx, DIR-822, DIR-823, DIR-859, DIR-865L, DIR-868L, DIR-869, DIR-880L, DIR-890L/R, DIR-885L/R, and DIR-895L/R routers exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerabilit...
Pytm - A Pythonic Framework For Threat Modeling
Define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate a Data Flow Diagram (DFD), a Sequence Diagram and, most important of all, threats to your system. Requirements: Linux/MacOS, Python 3.x, Graphviz package, Java...
CVE-2014-8328
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...