105 matches found
Central Dogma Cross-Site Scripting Vulnerability
Central Dogma is an open source service configuration version control repository based on Git, ZooKeeper and HTTP/2. A cross-site scripting vulnerability exists in Central Dogma versions 0.17.0 through 0.40.1. The vulnerability stems from a lack of proper validation of client-side data by the WEB...
RANGER Studio Directus Cross-Site Scripting Vulnerability
RANGER Studio Directus is the United States RANGER Studio company's set of open source for managing custom databases open source headless CMS and API. A cross-site scripting vulnerability exists in the interfaces/markdown/input.vue file in RANGER Studio Directus version 7 prior to Application...
TYPO3 Cross-Site Scripting Vulnerability (CNVD-2019-19310)
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 versions 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7. The vulnerability stems from a lack of proper validation of client-side data by t...
STOPzilla AntiMalware Denial of Service Vulnerability (CNVD-2019-19486)
STOPzilla AntiMalware is a set of antivirus software from the American company STOPzilla that is mainly used for malware detection and killing. A denial of service vulnerability exists in the szkg64.sys driver file in STOPzilla AntiMalware version 6.5.2.59. The vulnerability originates from a...
MyBB Cross-Site Scripting Vulnerability (CNVD-2019-18514)
MyBB MyBulletinBoard is a free and Web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB versions prior to 1.8.21. The vulnerability stems...
CloudBees Jenkins ElectricFlow Plugin Cross-Site Scripting Vulnerability (CNVD-2019-22636)
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . ElectricFlow Plugin is used in one of the...
ZOHO ManageEngine Application Manager Cross-Site Scripting Vulnerability
ZOHO ManageEngine Application Manager is a set of application monitoring and management system of the United States ZhuoHao ZOHO company. The system is mainly used to monitor server and application performance. A cross-site scripting vulnerability exists in ZOHO ManageEngine Application Manager...
Foxit Studio Photo Information Disclosure Vulnerability
Foxit Studio Photo is a set of image editing software from the Chinese company Foxit Foxit. A security vulnerability exists in the handling of TIF files in Foxit Studio Photo 3.6.6.779 and prior versions, which is caused by the program failing to properly validate user-submitted data. An attacker...
Liberapay: Improper Data Validation / Unvalidated Input
Steps to reproduce: 1 - Be logged in a account 2 - Go to: https://liberapay.com/user/edit/statement 3 - Click on Visualize 4 - Submit and edit POST parameters to fuzz infinitely 5 - Wait the server proccess the request. I send only 2.813.054 characters. Improper input size validation... I'm sorry...
Foxit Reader getField Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the getField method, which can be exploited by an attacker to execute arbitrary code in the context of the current process due to a lack of proper validation of user-supplied data...
Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Cross site scripting
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...
CVE-2013-0267
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...
Huawei's Multiple Product Cross-Border Write Vulnerabilities
Huawei AR120-S and others are router products from Huawei China. A security vulnerability exists in several Huawei products, which stems from a program that fails to properly validate user-submitted data. A remote attacker can exploit the vulnerability by sending an abnormal OSPF message to cause...
Foxit Reader Information Disclosure Vulnerability (CNVD-2018-00217)
Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A security vulnerability exists in Foxit Reader version 8.3.2.25013, which is caused by the program failing to properly validate user-submitted data. The vulnerability can be exploited by a remote attacker to disclos...
Foxit Reader Remote Code Execution Vulnerability (CNVD-2018-00215)
Foxit Reader is China's Foxit Foxit Software Corporation, a PDF document reader. A security vulnerability exists in Foxit Reader version 8.3.1.21155, which is caused by the program failing to properly validate user-submitted data. The vulnerability can be exploited by a remote attacker to execute...
Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...
KLA10730 Denial of service vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities 1. Improper data validation and lack of restrictions can be exploited remotely via a specially designed packet o...
CVE-2014-7252
Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local user...
CVE-2014-7252
Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local user...