1933 matches found
Exploit for Insertion of Sensitive Information into Log File in Canonical Subiquity
CVE-2020-11932 Double-Free bug in WhatsApp exploit poc. N...
User Management System 2.0 - Persistent Cross-Site Scripting
Exploit Title: User Management System 2.0 - Persistent Cross-Site Scripting Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Version: v2.0 Tested on: Xampp Credit: İsmail BOZKU...
Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers
A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and...
February 10, 2015 update for Office Web Apps Server 2013 (KB2956101)
February 10, 2015 update for Office Web Apps Server 2013 KB2956101 This article describes update KB2956101 for Microsoft Office Web Apps Server 2013 that was released on February 10, 2015. This update has a prerequisite. Improvements and Fixes Improves localization to make sure that the meanings...
CVE-2019-20636
An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat fro...
Unspecified Vulnerability in Oracle E-Business Suite Depot Repair
Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management and other functions. An unspecified vulnerability exists in Oracle...
The vulnerability of Firefox browsers, including Firefox ESR, arises from the lack of protective measures for website structure, allowing attackers to compromise data integrity.
The vulnerability of Firefox browsers and Firefox ESR is related to an error in inserting hyperlinks directly into the text node of elements. Exploiting this vulnerability can allow a remote attacker to compromise data integrity...
Access Control Bypass
encryptfs-utils is vulnerable to access control bypass. An insecure temporary file use flaw was found in the ecryptfs-setup-private script. A local attacker could use this script to insert their own key that will subsequently be used by a new user, possibly giving the attacker access to the user'...
Improper Session Handling
php is vulnerable to improper session handling. The vulnerability exists as an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted carefully-crafted URL...
CVE-2020-7599
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is public...
Fedora 30 : ckeditor (2020-261449d821)
CKEditor 4.14 Security Updates: - CVE-2020-9281 Fixed XSS vulnerability in the HTML data processor reported by Micha Bentkowski of Securitum. Issue summary: It was possible to execute XSS inside CKEditor after persuading the victim to: i switch CKEditor to source mode, then ii paste a specially...
SAP Data Services Cross-Site Request Forgery Vulnerability
SAP Data Services is a set of enterprise data management software from Germany's SAP. The software supports the processing of structured and unstructured data, and supports data conversion, cleaning and matching functions. A cross-site request forgery vulnerability exists in SAP Data Services. An...
CVE-2020-8812
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...
CVE-2020-8812
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug...
Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption
Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could of lead to data corruption since two threa...
Unspecified Vulnerability in Oracle Database Server (CNVD-2020-04348)
Oracle Database Server is an object-a relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in Oracle Database Server. An attacker could exploit this vulnerability to unauthorized update,...
Cross-site Scripting (XSS)
craftcms is vulnerable to Cross-site Scripting XSS. The vulnerability exists because it does not handle the header insertion field when adding source code at an s/admin/entries/news/new URI...
Shopping Portal ProVersion 3.0 - Authentication Bypass
Exploit Title: Shopping Portal ProVersion 3.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: v4.0 Category: Webapps Tested on: Xampp for Windows Descriptio...
CVE-2019-9554
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI...
CVE-2019-9554
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI...