298 matches found
thrift: Endless loop when fed with specific input data
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
CVE-2019-18936
UniValue::read in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error...
UBUNTU-CVE-2019-18936
UniValue::read in UniValue before 1.0.5 allows attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error...
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin) Exploit
Exploit for php platform in category web applications Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery Add Admin Description: Operator Can Change Role User Type to admin Exploit Author: Meisam Monsef Vendor Homepage: https://www.bdtask.com/business-live-chat-software.ph...
Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Business Live Chat Software 1.0 - Cross-Site Request Forgery Add Admin Description: Operator Can Change Role User Type to admin Date: 2020-02-26 Exploit Author: Meisam Monsef Vendor Homepage: https://www.bdtask.com/business-live-chat-software.php Version: V-1.0 Tested on: ubuntu...
CVE-2016-1000004
Insufficient type checks were employed prior to casting input data in SimpleXMLElementexportNode and simplexmlimportdom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1 inclusive...
Design/Logic Flaw
Insufficient type checks were employed prior to casting input data in SimpleXMLElementexportNode and simplexmlimportdom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1 inclusive...
Security Bulletin: Multiple vulnerabilities CVE-2019-0205, CVE-2019-0210 in thrift package
Summary: Multiple vulnerabilities CVE-2019-0205, CVE-2019-0210 in thrift package. Vulnerability Details: CVEID: CVE-2019-0205 DESCRIPTION: In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue...
DEBIAN-CVE-2019-0205
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
CVE-2019-0205
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
Loop with Unreachable Exit Condition (Infinite Loop)
In Apache Thrift, a server or client may run into an endless loop when fed with specific input data...
CVE-2019-0205
CVE-2019-0205 affects Apache Thrift up to version 0.12.0, where a server or client may enter an endless loop when fed specific input data. The issue was partially fixed in 0.11.0, and depending on the language binding, only certain bindings are impacted. Exploitation details are not provided in t...
The vulnerability of the goldendict software package for the Astra Linux operating system arises from a validation error in the input data received from web servers. This error allows attackers to perform spoofing attacks.
The vulnerability of the goldendict software package for the Astra Linux operating system is related to a validation error in the input data received from web servers. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks...
CVE-2019-13448
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could exploit the vulnerable function in order to prepare an XSS payload to send to the product's clients...
CVE-2019-13447
An issue was discovered in Sertek Xpare 3.67. The login form does not sanitize input data. Because of this, a malicious agent could access the backend database via SQL injection...
Microsoft DirectWrite AFDKO - Stack Corruption in OpenType Font Handling Due to Negative nAxes
Background: AFDKO (Adobe Font Development Kit for OpenType) is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling library...