
21 matches found

RedhatCVE
added 2026/01/09 10:9 a.m. · 5 views

CVE-2019-11389

An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next at the beginning and nested repetition operators. NOTE: the...

CVSS 5.3 · AI score 6.8 · EPSS 0.0051
Exploits: 1 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2017-8993

Malware in sbrugna...

CVSS 7.5 · AI score 7.6 · EPSS 0.00782
Exploits: 0 · References: 8
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2021-30002

Malicious code in bioql PyPI...

CVSS 10 · AI score 9.4 · EPSS 0.00478
Exploits: 0 · References: 2
Positive Technologies
added 2025/05/23 12:0 a.m. · 2 views

PT-2025-22717 · Intellian · Intellian C700

Name of the Vulnerable Software and Affected Versions: Intellian C700 (affected versions not specified)
Description: The issue concerns the Intellian C700 web panel, specifically with the addition of firewall rules. Each rule has an associated ID, but a discrepancy can occur between the ID used for...

CVSS 6.3 · AI score 6.2 · EPSS 0.00297
Exploits: 0 · References: 3
OSV
added 2025/05/19 2:15 a.m. · 0 views

CVE-2025-4905

A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function loadqcpickl of the file basestation3/QC.py. The manipulation of the argument qcfile leads to deserialization. An attack has to be approached locally. The exploit has bee...

CVSS 9.8 · AI score 7.4
Exploits: 0 · References: 6
Hacker One
added 2024/03/14 2:38 p.m. · 121 views

curl: CVE-2024-2466: TLS certificate check bypass with mbedTLS

The Curl library had a security vulnerability where the certificate name check was bypassed when connecting to a host via its IP address. This could have potentially introduced spoofing attacks or unauthorized access due to unverified server certificate. The issue affected Curl with MbedTLS from...

CVSS 6.5 · AI score 6.4 · EPSS 0.03073
Exploits: 4
Positive Technologies
added 2023/11/08 12:0 a.m. · 2 views

PT-2023-20549 · Tibco Software · Spotfire For Aws Marketplace +2

Name of the Vulnerable Software and Affected Versions: TIBCO Software Inc.'s Spotfire Analyst versions 12.3.0 through 12.5.0; TIBCO Software Inc.'s Spotfire Server versions 12.3.0 through 12.5.0; TIBCO Software Inc.'s Spotfire for AWS Marketplace version 12.5.0
Description: The Spotfire Connectors...

CVSS 5 · AI score 4.2 · EPSS 0.00061
Exploits: 0 · References: 4
UbuntuCve
added 2023/05/05 3:15 p.m. · 22 views

CVE-2023-29935

llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.countop && "operation was already replaced...

CVSS 5.5 · AI score 6.4 · EPSS 0.0004
Exploits: 0 · References: 1
Prion
added 2021/12/15 8:15 p.m. · 16 views

Code injection

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldapid attribute of a user during the daily synchronization. A malicious user could force accounts to ...

CVSS 6 · AI score 6.8 · EPSS 0.0055
Exploits: 0 · References: 4 · Affected Software: 1
Tenable Nessus
added 2020/12/22 12:0 a.m. · 27 views

Debian DLA-2503-1 : node-ini security update

It was discovered that there was an issue in node-ini, a .ini format parser and serializer for Node.js, where an application could be exploited by a malicious input file. For Debian 9 'Stretch', this problem has been fixed in version 1.1.0-1+deb9u1. We recommend that you upgrade your node-ini...

CVSS 9.8 · AI score 6.8 · EPSS 0.00291
Exploits: 1 · References: 4
Cvelist
added 2019/10/16 5:22 p.m. · 15 views

CVE-2019-6474 A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

CVSS 5.7 · AI score 6.3 · EPSS 0.01585
Exploits: 0 · References: 1
Prion
added 2018/11/01 5:29 p.m. · 8 views

Authentication flaw

The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of...

CVSS 6.8 · AI score 8 · EPSS 0.00556
Exploits: 1 · References: 1 · Affected Software: 1
OSV
added 2017/10/05 1:29 a.m. · 8 views

CVE-2017-1000111

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution...

CVSS 7.8 · AI score 8.9 · EPSS 0.00056
Exploits: 16 · References: 8
Prion
added 2017/10/05 1:29 a.m. · 24 views

Heap overflow

Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution...

CVSS 7.2 · AI score 7.9 · EPSS 0.47355
Exploits: 16 · References: 8 · Affected Software: 9
CVE
added 2017/06/30 12:0 p.m. · 45 views

CVE-2017-10670

The CVE-2017-10670 entry describes an XML External Entity (XXE) vulnerability in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). The root cause is an XXE issue that can be exploited by sending a specially crafted, standards-conforming OSCI ...

CVSS 9.8 · AI score 9.2 · EPSS 0.00368
Exploits: 0 · References: 2 · Affected Software: 1
seebug.org
added 2017/03/16 12:0 a.m. · 46 views

Undocumented Backdoor Account in DBLTek GoIP

Trustwave recently reported a remotely exploitable issue in the Telnet administrative interface of numerous DblTek branded devices. The issue permits a remote attacker to gain a shell with root privileges on the affected device due to a vendor backdoor in the authentication procedure. The Telnet...

AI score 7.4
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 19 views

Mambo LMTG Myhomepage 1.2 Component Multiple Remote File Include Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19584/info The lmtgmyhomepage component for Mambo is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitra...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. · 14 views

Snitz Forums 2000 3.4.6 Pop_Mail.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20712/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

AI score 7.1
Exploits: 0
Packet Storm
added 2008/05/22 12:0 a.m. · 15 views

McAfeeUnlocker.cpp

/ McAfee VirusScan 8.5.0i local exploitable issue - McAfee Unlocker by Bendi zbendi gmail.com McAfee VirusScan 8.5.0i can be locked with password by admin ... and unlocked without it ! Encrypted password is in registry but not accessible in writing. Once admin has unlocked McAfee, a global Atom ...

AI score 7.4
Exploits: 0
Exploit DB
added 2003/09/07 12:0 a.m. · 22 views

Mah-Jong 1.4/1.6 - Server Remote Denial of Service

source: https://www.securityfocus.com/bid/8558/info A remote denial of service vulnerability has been reported to affect the mah-jong game server. The issue has been reported to be exploitable so that a remote attacker may trigger a tight loop in the affected mah-jong server. This will cause the...

AI score 7.4
Exploits: 0