Lucene search

254 matches found

NVD
added 2019/01/18 10:29 p.m., 18 views

CVE-2018-5880

Improper data length check while processing an event report indication can lead to a buffer overflow in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660...

CVSS 7.8, AI score 7.9, EPSS 0.00228
Exploits: 0, References: 1
Cvelist
added 2019/01/18 10:0 p.m., 24 views

CVE-2018-5880

Improper data length check while processing an event report indication can lead to a buffer overflow in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660...

AI score 7.9, EPSS 0.00228
Exploits: 0, References: 1
OpenVAS
added 2018/10/25 12:0 a.m., 27 views

Apache Active MQ 5.0.0 to 5.15.5 Authenticated XSS Vulnerability - Linux

Apache ActiveMQ is prone to an authenticated XSS vulnerability...

CVSS 6.1, AI score 6.2, EPSS 0.56172
Exploits: 0, References: 2
UbuntuCve
added 2018/10/10 2:29 p.m., 23 views

CVE-2018-8006

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter...

CVSS 6.1, AI score 6.7, EPSS 0.56172
Exploits: 0, References: 2
OSV
added 2018/10/10 2:29 p.m., 19 views

CVE-2018-8006

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter...

CVSS 6.1, AI score 5.9, EPSS 0.56172
Exploits: 0, References: 10
Debian CVE
added 2018/10/10 2:0 p.m., 18 views

CVE-2018-8006

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter...

CVSS 6.1, AI score 6.3, EPSS 0.56172
Exploits: 0
RedhatCVE
added 2018/08/28 2:49 a.m., 39 views

CVE-2018-8006

An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter...

CVSS 6.1, AI score 3.4, EPSS 0.56172
Exploits: 0, References: 2
Hacker One
added 2018/06/10 2:24 a.m., 24 views

Liberapay: Improper Data Validation / Unvalidated Input

Steps to reproduce: 1 - Be logged in to an account 2 - Go to: https://liberapay.com/user/edit/statement 3 - Click on Visualize 4 - Submit and edit POST parameters to fuzz infinitely 5 - Wait for the server to process the request. I sent only 2.813.054 characters. Improper input size validation... I'm sorry...

AI score 0.8
Exploits: 0
CNVD
added 2018/04/28 12:0 a.m., 3 views

Foxit Reader getField Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the getField method, which can be exploited by an attacker to execute arbitrary code in the context of the current process due to a lack of proper validation of user-supplied data...

CVSS 8.8, AI score 7.7, EPSS 0.03226
Exploits: 0, References: 1
Zero Day Initiative
added 2018/02/27 12:0 a.m., 25 views

Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3, AI score 2.3, EPSS 0.11749
Exploits: 0, References: 1
Prion
added 2018/02/21 3:29 p.m., 14 views

Cross site scripting

The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...

CVSS 6.5, AI score 6.7, EPSS 0.03807
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2018/02/21 3:0 p.m., 17 views

CVE-2013-0267

The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scriptin...

AI score 8.4, EPSS 0.03807
Exploits: 0, References: 4
CNVD
added 2018/02/14 12:0 a.m., 2 views

Huawei's Multiple Product Cross-Border Write Vulnerabilities

Huawei AR120-S and others are router products from Huawei China. A security vulnerability exists in several Huawei products, which stems from a program that fails to properly validate user-submitted data. A remote attacker can exploit the vulnerability by sending an abnormal OSPF message to cause...

CVSS 7.1, AI score 6.8, EPSS 0.01058
Exploits: 0, References: 1
BDU FSTEC
added 2018/01/24 12:0 a.m., 5 views

The vulnerability of the centralized version control system CVS lies in its improper handling of data when interacting with a remote repository via SSH protocol. This allows a malicious actor to execute arbitrary code.

The vulnerability of the centralized version control system CVS is related to improper data processing when interacting with a remote repository via SSH protocol. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted hostname in the repository’...

CVSS 7.5, AI score 7.2, EPSS 0.05968
Exploits: 1, References: 8, Affected Software: 2
CNVD
added 2017/12/21 12:0 a.m., 3 views

Foxit Reader Information Disclosure Vulnerability (CNVD-2018-00217)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A security vulnerability exists in Foxit Reader version 8.3.2.25013, which is caused by the program failing to properly validate user-submitted data. The vulnerability can be exploited by a remote attacker to disclos...

CVSS 6.5, AI score 6.4, EPSS 0.02456
Exploits: 0, References: 1
CNVD
added 2017/12/21 12:0 a.m., 2 views

Foxit Reader Remote Code Execution Vulnerability (CNVD-2018-00215)

Foxit Reader is a PDF document reader from China's Foxit Software Corporation. A security vulnerability exists in Foxit Reader version 8.3.1.21155, which is caused by the program failing to properly validate user-submitted data. The vulnerability can be exploited by a remote attacker to execute...

CVSS 8.8, AI score 7.3, EPSS 0.0259
Exploits: 0, References: 1
BDU FSTEC
added 2017/12/07 12:0 a.m., 5 views

The vulnerability of the microprogrammed software in wireless presentation systems like ClickShare CSM-1 and ClickShare CSC-1, related to incorrect data processing, allows an intruder to execute arbitrary code.

The vulnerability of the microprogrammed software in Barco ClickShare CSM-1 and ClickShare CSC-1 wireless presentation systems is related to improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the affected application remotely...

CVSS 10, AI score 8.2, EPSS 0.07735
Exploits: 1, References: 5, Affected Software: 2
CNVD
added 2017/07/05 12:0 a.m., 2 views

IBM Maximo Asset Management Local Information Disclosure Vulnerability

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A local...

CVSS 3.3, AI score 5.9, EPSS 0.00322
Exploits: 0, References: 1
BDU FSTEC
added 2017/06/30 12:0 a.m., 5 views

The vulnerability of the Windows operating system’s kernel allows a hacker to execute code within the context of a privileged process.

The vulnerability of the Windows operating system’s kernel is related to improper data handling in the device’s memory. Exploiting this vulnerability allows a local attacker to execute code within the context of a privileged process...

CVSS 7.2, AI score 7.5, EPSS 0.02341
Exploits: 0, References: 3
BDU FSTEC
added 2017/06/15 12:0 a.m., 5 views

The vulnerability of the Junos operating system’s jdhcpd daemon allows an attacker to cause the application to terminate and restart, thereby triggering a service failure.

The vulnerability of the Junos operating system’s jdhcpd component is related to improper data processing. Exploiting this vulnerability can allow a remote attacker to cause the application to stop working and restart, as well as trigger a service failure using a specially crafted DHCPv6 packet...

CVSS 7.8, AI score 7.3, EPSS 0.02132
Exploits: 0, References: 3, Affected Software: 1