2154 matches found
[SECURITY] Fedora 33 Update: mupdf-1.18.0-5.fc33
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Digium Certified Asterisk 安全漏洞
Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. This number is a duplicate of CNNVD-201911-1291, the relevant content has been removed, pleas...
Fake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy
A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy. Note-1: This is just an experimental tool, do not use this in any banking transactions. Unethical use of this tool is strictly not encouraged." Note-2:...
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...
SQL injection vulnerability in ar***.php page of Baoding Interactive Enterprise Marketing Planning Co.
Baoding Interactive Enterprise Marketing Planning Co. Baoding Interactive Enterprise Marketing Planning Co., Ltd. website building system ar.php page SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information database...
Shijiazhuang Jiuwing Network Technology Co., Ltd. website building system suffers from SQL injection vulnerabilities (CNVD-2021-13488)
Shijiazhuang Nine Win Network Technology Co., Ltd. is referred to as Nine Win Interactive, with website construction, mobile Internet products, 720-degree panoramic display, VI visual design as the core business. Shijiazhuang Jiuwin Network Technology Co., Ltd. website building system SQL injecti...
Shijiazhuang Jiuwing Network Technology Co., Ltd. website building system suffers from SQL injection vulnerabilities (CNVD-2021-09696)
Shijiazhuang Nine Win Network Technology Co., Ltd. is referred to as Nine Win Interactive, with website construction, mobile Internet products, 720-degree panoramic display, VI visual design as the core business. Shijiazhuang Jiuwin Network Technology Co., Ltd. website building system SQL injecti...
postgresql: psql's \gset allows overwriting specially treated variables
A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...
postgresql: psql's \gset allows overwriting specially treated variables
A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...
postgresql: psql's \gset allows overwriting specially treated variables
A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...
postgresql: psql's \gset allows overwriting specially treated variables
A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...
TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
Exploit Title: TerraMaster TOS 4.2.06 - RCE Unauthenticated Date: 12/12/2020 Exploit Author: IHTeam Full Write-up: https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ Vendor Homepage: https://www.terra-master.com/ Version: " /usr/www/"+shellfilename+" &&...
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow
This module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 x86 in VirtualBox, VMware Fusion, and VMware...
postgresql: psql's \gset allows overwriting specially treated variables
A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...
postgresql: psql's \gset allows overwriting specially treated variables
A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...
CVE-2020-12148
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...
Command injection
A command injection flaw identified in the nslookup API in Silver Peak Unity ECOSTM ECOS appliance software could allow an attacker to execute arbitrary commands with the privileges of the web server running on the EdgeConnect appliance. An attacker could exploit this vulnerability to establish a...
IBM AIX 授权问题漏洞
IBM AIX is an open standards-based UNIX operating system developed by IBM for the IBM Power architecture.IBM VIOS is a virtual IO server. An authorization issue vulnerability exists in IBM AIX and VIOS, which allows local attackers to exploit the vulnerability with the ksu user command to gain ro...
Foxit Reader Javascript Field fileSelect Use After Free Vulnerability
Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...
Foxit Reader JavaScript choice field use-after-free vulnerability
Summary A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open t...