12 matches found
GitLab CE/EE Input Validation Error Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability in GitLab CE/EE versions prior to 15.0.5 starting with...
Backdoor.Win32.Antilam.14.o Remote Command Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/2914f01e65d848655d4f1aac51ff04d1.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.14.o Vulnerability: Unauthenticated Remote Command Execution Description: The...
Backdoor.Win32.Antilam.14.d Code Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/a53351e8fa0cb4f7db3d0250387a0e4f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Antilam.14.d Vulnerability: Unauthenticated Remote Command Execution Description: The...
CVE-2021-27167
An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hexadecimal characters for the admin account. These characters are generated in init_3bb_password in libci_adaptation_layer.so...
Server-Side Request Forgery (SSRF)
WordPress is vulnerable to server-side request forgery (SSRF). The URL validation does not consider the interpretation of a name as a series of hex characters, allowing a remote attacker to bypass the URL validation using hex values in the URL...
Server-Side Request Forgery (SSRF)
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters...
CVE-2019-17669
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters...
CVE-2019-17669
WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters...
DEBIAN-CVE-2016-4303
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...
CVE-2016-4303
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow...
Design/Logic Flaw
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence...
CVE-2011-1027
Off-by-one error in the convert_query_hexchar function in html.c in cgit.cgi in cgit before 0.8.3.5 allows remote attackers to cause a denial of service (infinite loop) via a string composed of a % (percent) character followed by invalid hex characters, as demonstrated by a %gg sequence...