17 matches found
EUVD-2014-7437
Malware in sbrugna...
CVE-2023-43275
Cross-Site Request Forgery CSRF vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalogadd.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form...
Code injection
Lack of verification in B&R APROL Tbase server versions R 4.2-07 may lead to memory leaks when receiving messages...
CVE-2022-43762 Memory leak when receiving messages in APROL Tbase server
Lack of verification in B&R APROL Tbase server versions R 4.2-07 may lead to memory leaks when receiving messages...
Arbitrary File Upload
express-fileupload is vulnerable to arbitrary file upload. The vulnerability exists due to a lack of verification of the number of files being sent to the writeStream function...
Foxit PDF Reader Resource Management Error Vulnerability (CNVD-2022-22736)
Foxit PDF Reader is a PDF reader from Foxit, a Chinese company. Foxit PDF Reader is vulnerable due to a lack of verification of the existence of an object before performing operations on it, which can be exploited to execute code in the context of the current process...
Foxit PDF Reader Resource Management Error Vulnerability (CNVD-2022-22730)
Foxit PDF Reader is a PDF reader from Foxit China.A security vulnerability exists in Foxit PDF Reader, which stems from the lack of verification of the existence of an object before performing operations on it, and can be exploited by attackers to execute code in the context of the current proces...
CVE-2021-43273
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability t...
CVE-2020-19767
A lack of target address verification in the destroycontract function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script...
Open Redirection
github.com/pomerium/pomerium is vulnerable to open redirect. Lack of verification of pomeriumsignature affects routes responsible for sign in/out. However, it does not introduce an authentication bypass...
Design/Logic Flaw
HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160C00E160R2P8 have an out of bound read vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause...
Integer overflow
HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160C00E160R2P8 has an integer overflow vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause integer...
(Pwn2Own) Huawei App Market JavaScript Bridge Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Huawei App Market. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...
(Pwn2Own) Huawei App Market Whitelist Bypass Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Huawei App Market. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...
CVE-2018-9205
Vulnerability in avataruploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path...
CVE-2018-0140
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of...
CVE-2018-0140
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of...