17 matches found
EUVD-2014-2988
Malware in sbrugna...
GHSA-HXF5-99XG-86HW cap-std doesn't fully sandbox all the Windows device filenames
Impact cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", and so o...
SUSE-SU-2024:3844-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 - Re-enable use of .dsrc basedn for dsidm commands bsc1231462 - Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
SUSE-SU-2024:3843-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 - Re-enable use of .dsrc basedn for dsidm commands bsc1231462 - Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
SUSE-SU-2024:3082-1 Security update for 389-ds
This update for 389-ds fixes the following issues: Security issues fixed: - CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ request bsc1225512 - CVE-2024-5953: Fixed a denial of service caused by malformed userPassword hashes bsc1226277 - CVE-2024-2199: Fixe...
SUSE SLES15 Security Update : 389-ds (SUSE-SU-2024:2910-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2910-1 advisory. Security issues fixed: - CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ request bsc1225512 ...
postaisde.pt XSS vulnerability
Open Bug Bounty ID: OBB-637343 Description| Value ---|--- Affected Website:| postaisde.pt Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
codes.iarc.fr XSS vulnerability
Open Bug Bounty ID: OBB-579540 Description| Value ---|--- Affected Website:| codes.iarc.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
entresaoneetsalon.fr XSS vulnerability
Open Bug Bounty ID: OBB-567289 Description| Value ---|--- Affected Website:| entresaoneetsalon.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2014-2966
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism...
Design/Logic Flaw
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism...
CVE-2014-2966
CVE-2014-2966 affects Resin Pro before 4.0.40. The ISO-8859-1 encoder does not perform Unicode transformations correctly, allowing crafted characters to bypass restrictions and the XSS protection mechanism in HTTP responses. The primary affected component is Resin Pro’s ISO-8859-1 output handling...
CVE-2014-2966
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism...
Resin Pro improperly performs Unicode transformations
Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...
GPG4Win GNU - Privacy Assistant PoC
No description provided by source. GPG4Win - GNU Privacy Assistant - GPA.EXE - Crash PoC Found By: DrIDE Tested On: 7RC, XPSP3 Usage: Paste this into GPA Clipboard, Verify. ''' -----BEGIN PGP MESSAGE----- Charset: ISO-8859-1 Version: GnuPG v1.4.9 GNU/Linux Comment: If you Verify me in Clipboard...
ACDSee FotoSlate - '.PLP' File 'id' Local Overflow (Metasploit)
$Id: acdseefotoslatestring.rb 13853 2011-10-10 16:47:33Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Adobe Reader 5.1 - XFDF Buffer Overflow (SEH)
Adobe Reader 5.1 - XFDF Buffer Overflow SEH Exploit Title: Adobe Reader 5.1 XFDF Buffer Overflow Vulnerability SEH Google Dork: N/A or filtype ".xfdf" Date: 04/01/2011 Author: [email protected] / http://extraexploit.blogspot.com Software Link: http://www.oldversion.com/download/acrobat51.exe...