6654 matches found

Cvelist
added 2018/04/16 4:00 p.m., 14 views

CVE-2017-10140

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory...

AI score: 5.8, EPSS: 0.00296
Exploits: 1, References: 4

Openbugbounty
added 2018/04/16 12:29 p.m., 10 views

steine-und-minerale.de XSS vulnerability

Open Bug Bounty ID: OBB-602966
Affected Website: steine-und-minerale.de
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0

OSV
added 2018/04/15 1:33 p.m., 7 views

MGASA-2018-0204 Updated python-paramiko packages fix security vulnerability

A flaw was found in the implementation of transport.py in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step (CVE-2018-7750). This flaw is a user authentication bypass in the...

CVSS: 9.8, AI score: 9.5, EPSS: 0.13825
Exploits: 9, References: 3

Github Security Blog
added 2018/04/13 4:17 p.m., 41 views

Uncontrolled resource consumption in nokogiri

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

CVSS: 6.5, AI score: 7, EPSS: 0.00898
Exploits: 0, References: 9, Affected Software: 1

RubySec
added 2018/04/13 12:00 a.m., 33 views

Moderate severity vulnerability that affects nokogiri

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. References: -...

CVSS: 6.5, AI score: 7.2, EPSS: 0.00898
Exploits: 0, References: 1, Affected Software: 1

Talos
added 2018/04/11 12:00 a.m., 45 views

Computerinsel Photoline PCX Decompress Code Execution Vulnerability

Summary: A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00611
Exploits: 1

Talos
added 2018/04/11 12:00 a.m., 48 views

Computerinsel Photoline PSD Blending Channels Code Execution Vulnerability

Summary: A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.53. A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PSD document to trigger this...

CVSS: 8.8, AI score: 8.4, EPSS: 0.00388
Exploits: 0

Hacker One
added 2018/04/10 11:43 a.m., 24 views

Passit: CSV-injection in export functionality

Summary: CSV-injection in export functionality
Description: Hello team! I have found that you have a CSV-injection vulnerability in export functionality. First I thought that this is just fine, but because you can group up, this can be used against other users, which makes this pretty critical...

AI score: 7.8
Exploits: 0

NVD
added 2018/04/08 5:29 p.m., 18 views

CVE-2017-18258

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00898
Exploits: 0, References: 6

Openbugbounty
added 2018/04/08 2:32 p.m., 65 views

dille-kamille.de XSS vulnerability

Open Bug Bounty ID: OBB-599095
Affected Website: dille-kamille.de
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0

Openbugbounty
added 2018/04/08 10:40 a.m., 10 views

midea.cl XSS vulnerability

Open Bug Bounty ID: OBB-598937
Affected Website: midea.cl
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

Exploits: 0

UbuntuCve
added 2018/04/08 12:00 a.m., 29 views

CVE-2017-18258

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

CVSS: 6.5, AI score: 6.8, EPSS: 0.00898
Exploits: 0, References: 2

Tenable Nessus
added 2018/04/06 12:00 a.m., 30 views

Amazon Linux AMI : nvidia (ALAS-2018-991)

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape where a NULL pointer dereference may lead to denial of service or possible escalation of privileges. CVE-2018-6247 NVIDIA Windows GPU Display Driver contains a vulnerability ...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00049
Exploits: 0, References: 8

Prion
added 2018/04/05 9:29 p.m., 16 views

Denial of service

An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00087
Exploits: 1, References: 1, Affected Software: 1

Exploit DB
added 2018/04/05 12:00 a.m., 43 views

YzmCMS 3.6 - Cross-Site Scripting

Exploit Title: YzmCMS 3.6 XSS Vulnerability
Date: 2018-04-03
Exploit Author: zzw [email protected]
Vendor Homepage: http://www.yzmcms.com/
Software Link: http://www.yzmcms.com/
Version: 3.6
CVE: CVE-2018-7653
This is an XSS vulnerability that can attack the users.
poc:...

CVSS: 6.1, AI score: 6.3, EPSS: 0.01096
Exploits: 5

Openbugbounty
added 2018/04/04 6:56 p.m., 10 views

poitou-charentes.inra.fr XSS vulnerability

Open Bug Bounty ID: OBB-597149
Affected Website: poitou-charentes.inra.fr
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1...

AI score: 6.3
Exploits: 0

OSV
added 2018/04/04 3:29 p.m., 11 views

CVE-2018-8813

Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL...

CVSS: 4.8, AI score: 7.2
Exploits: 0, References: 3

CVE
added 2018/04/04 3:00 p.m., 58 views

CVE-2018-8813

CVE-2018-8813 describes an open redirect vulnerability in WolfCMS 0.8.3.1, where the login[redirect] parameter in the login functionality can be exploited to redirect users to arbitrary external sites, enabling phishing scenarios. The connected documents consistently confirm the affected product/...

CVSS: 4.9, AI score: 5, EPSS: 0.01443
Exploits: 5, References: 3, Affected Software: 1

Cvelist
added 2018/04/03 11:00 p.m., 15 views

CVE-2018-8941

Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set DiagnosticsEntry' function in an HTTP request, related to /userfs/bin/tcapi...

AI score: 8.9, EPSS: 0.22956
Exploits: 2, References: 1

Cvelist
added 2018/04/02 4:00 p.m., 15 views

CVE-2018-6252

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software allows an actor access to restricted functionality that is unnecessary to production usage, and which may result in denial of service...

AI score: 6.6, EPSS: 0.00045
Exploits: 0, References: 1