12 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-44500
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. A lack of input validation in calls to ebdiv in srport/ebmuldiv.c allows...
Open Redirect
github.com/coder/coder is vulnerable to Open Redirect. The vulnerability is due to lack of proper input validation on the Coder login page, allows attackers to manipulate the URL and redirect users to malicious websites...
CVE-2024-30110
HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways...
CVE-2023-37346
Kofax Power PDF TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a...
Many issues around addGlobalToken due to lack of input validation when linking a global token to local token
Lines of code Vulnerability details Impact addGlobalToken is used to add a global token to a branch. The flow as follows: 1 = CoreBranchRouter.addGlobalToken 2 = Send Cross-Chain request System Response/Request with FuncId 0x01 Notice that is uses normal callOut though. Anyway, let's continue...
NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within th...
Lack of input validation
Lines of code Vulnerability details Impact There is no input sanitizer implemented for the transfertypes.FungibleTokenPacketData data variable. Proof of Concept After "unmarshaling" the packet, which checks if there is an error, it is used right away without further checking the fields inside it,...
CVE-2019-10508
Lack of input validation for data received from user space can lead to OOB access in WLAN in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...
Cisco Linksys E1200 / N300 Cross Site Scripting
Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...
Cisco/Linksys E1200 N300 Reflected XSS
Summary -------------------- Software : Cisco/Linksys Router OS Hardware : E1200 N300 others currently untested Version : 2.0.04 others currently untested Website : http://www.linksys.com Issue : Reflected XSS Severity : Medium Researcher: Carl Benedict theinfinitenigma Product Description...
EPay Pro 2.0 - 'index.php' Directory Traversal
source: https://www.securityfocus.com/bid/14871/info EPay Pro is prone to a directory traversal vulnerability. This is due to a lack of proper validation of user-supplied input. An unauthorized user can retrieve arbitrary files by supplying directory traversal strings '../' to the vulnerable...
Crob FTP Server 3.5.1 - Remote Information Disclosure
source: https://www.securityfocus.com/bid/9546/info A vulnerability has been reported in the Crob FTP server, which occurs due to a lack of validation of input from the user. By issuing a specially crafted request, a malevolent user may be able to gain access to files outside of the ftp root...