23 matches found
EUVD-2018-1963
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987171)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987171 advisory. In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable. We can get EFI variables without fetching the attribute, ...
DEBIAN-CVE-2025-38585
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int. When gmin_get_config_var calls efi.get_variable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...
CVE-2025-38585
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int. When gmin_get_config_var calls efi.get_variable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...
CVE-2020-19879
DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter of $_GET['dbhcms_pid'] variable in dbhcms\page.php line 107,...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check for the existence of efi.get_variable before calling it...
UBUNTU-CVE-2023-52893
In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable. We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new...
PT-2023-34878 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 3.0 through 5.4.229. Description: A null-deref issue was found in the gsmi get variable function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions 3.0 through...
PT-2023-9444 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a null pointer dereference in the gsmi component of the Linux kernel. This can be triggered by a new get variable call with attr=NULL, which was introduced by a...
Insyde InsydeH2O security vulnerability
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS (Basic Input/Output System). A security vulnerability exists in Insyde InsydeH2O. The vulnerability stems from the System Management...
Cross-site Scripting (XSS) - Reflected in dmpop/mejiro
Description: From OWASP: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script...
PT-2021-21800 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow version 2.5.1; TensorFlow version 2.4.3; TensorFlow version 2.3.4. Description: The implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a...
CVE-2018-8963
In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file...
phpMySite - Cross-Site Scripting SQL Injection
phpMySite - Cross-Site Scripting SQL Injection. phpMySite XSS/SQLi Multiple Remote Vulnerabilities. Author: Crux Homepage: http://hack-tech.com Date: 2-27-2010 Softwar...
Clark Connect Cross Site Scripting
Hello, I have found an XSS vulnerability in ClarkConnect web interface. ClarkConnect is an internet server and gateway that provides protocol filtering, bandwidth management, Windows File Sharing / Samba, LDAP Directory Integration and other features... The vulnerability was found in the latest...
phpMyDesktop.txt
phpMyDesktop|arcade 1.0 FINAL Code Execution Exploit found-by: darkgod [email protected] links: criticalsecurity.NET, hackthissite.org, hacbloc.org video-@: http://dgod.dajoob.com/videos/phpmydesktoparcade.rar phpMyDesktop|arcade is a php-based 'bridge' between a game and message board. Its g...
phpMyDesktop|arcade 1.0 FINAL Code Execution
phpMyDesktop|arcade 1.0 FINAL Code Execution Exploit found-by: darkgod [email protected] links: criticalsecurity.NET, hackthissite.org, hacbloc.org video-@: http://dgod.dajoob.com/videos/phpmydesktoparcade.rar phpMyDesktop|arcade is a php-based 'bridge' between a game and message board. Its g...
dnGuestbook 2.0 - SQL Injection
SECURITY ADVISORY advisory: dnGuestbook "dnGuestbook by design-nation.de Version" - 331 msn - "dnGuestbook by design-nation.de Version" - 249 conditions: php.ini - magic_quotes_gpc = Off greets: all security guys and coders ove...
Cross site scripting
Cross-site scripting (XSS) vulnerability in rkrtstats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERYSTRING variable. NOTE: the provenance of this information is unknown; portio...
CVE-2006-0317
Cross-site scripting (XSS) vulnerability in rkrtstats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERYSTRING variable. NOTE: the provenance of this information is unknown; portio...