18 matches found
Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass - XML-RPC setChannelTargeting
Vulnerability description not provided...
CVE-2025-7954
CVE-2025-7954 targets Shopware v6.6.10.4 and describes a race condition in the voucher system that allows bypassing voucher restrictions and exceeding usage limits. The issue arises during voucher validation, where non-atomic voucher checks can enable multiple checkouts to reuse limited or genera...
CVE-2024-39810
Mattermost Server vulnerable versions: 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0. The root cause is failure to time/size-limit the CA path file in the Elasticsearch configuration, allowing a System Role with access to the Elasticsearch console to set any file as a CA path (e.g., /dev/zero). After...
CVE-2024-24873 WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability
: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71...
CVE-2024-24873 WordPress Polls CP plugin <= 1.0.71 - Polls Limitation Bypass vulnerability
: Improper Control of Interaction Frequency vulnerability in CodePeople CP Polls allows Flooding.This issue affects CP Polls: from n/a through 1.0.71...
CVE-2024-29025
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...
HackerOne: Ability to bulk submit reports via query named based batching
A vulnerability was discovered in the GraphQL API of the HackerOne platform. The vulnerability allowed an attacker to bulk submit reports via query-based batching, bypassing the intended limit of 500 reports. This was achieved by leveraging a Python script to generate a large number of reports in...
CVE-2022-2366 Incorrect defaults can cause attackers to bypass rate limitations
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers...
CVE-2018-18497
CVE-2018-18497 : In Firefox, limitations on URIs allowed to WebExtensions via the browser.windows.create API can be bypassed by placing a pipe in the URL field, causing multiple pages to load as a single argument. This may allow a malicious WebExtension to open privileged locations such as about:...
Debian DSA-4020-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an annoucment that security support for chromium in the oldstable release jessie, Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongl...
FreeBSD : chromium -- multiple vulnerabilities (a692bffe-b6ad-11e7-a1c2-e8e0b747a45a)
Google Chrome Releases reports : 35 security fixes in this release, including : - 762930 High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 - 749147 High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 - 760455 High CVE-2017-5126: Use after free in...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 35 security fixes in this release, including: 762930 High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 749147 High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 760455 High CVE-2017-5126: Use after free in PDFium...
CVE-2015-7971
Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted 1 HYPERCALLxenoprofop hypercalls, which are not properly handled in the doxenoprofop...
Linux kernel multiple security vulnerabilities
DoS via ptrace syscall, filesystems mount options limitation bypass...
rssh security vulnerabilities
Multiple environment limitation bypass possibilities...
Apple XCode 4.x 信息泄露漏洞
BUGTRAQ ID: 54679 CVE ID: CVE-2012-3698,CVE-2011-3389 Xcode是苹果机器上所使用的开发工具。 Apple Xcode 4.4之前版本在实现上存在安全漏洞,可被恶意用户利用泄露敏感信息,劫持用户会话,绕过某些安全限制。 1) SSL 3.0和TLS 1.0协议的实现中存在设计错误。 2) DR实现中的错误可允许App Store应用访问用Xcode构建的Helper工具中的密钥链项目。 0 Apple XCode 4.x 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
PHP "crypt()" MD5 Salt安全漏洞
PHP是流行的脚本语言环境。 PHP在"crypt"函数的实现上存在安全漏洞,远程攻击者可利用此漏洞绕过某些安全限制。 此漏洞源于"crypt"函数在生成有salt的MD5哈希时,仅返回salt PHP 5.3.x 厂商补丁: PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.php.net...
Sun Java WebStart multiple security vulnerabilities
Sandbox limitation bypass, buffer overflow...