CVE-2026-9016

The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due to the logjserrors AJAX handler being registered for unauthenticated users via...

Astra Linux - уязвимость в nasm

There is a use-after-free in asm/preproc.c function ppgetline in Netwide Assembler NASM 2.14rc16, which will cause a denial of service during a line-number increment attempt...

JLSEC-2025-41 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to ...

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read...

Security update for expat

This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion bsc1239618 Other fixes: - version update to 2.7.1 jscPED-12500 Bug fixes: 980 989 Restore event pointer...

Buffer overflow

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONGMAX - lnum will cause the overflow. Impact is low, user interactio...

SUSE CVE-2018-10316

Netwide Assembler NASM 2.14rc0 has an endless while loop in the assemblefile function of asm/nasm.c because of a globallineno integer overflow...

SUSE CVE-2018-20535

There is a use-after-free at asm/preproc.c function ppgetline in Netwide Assembler NASM 2.14rc16 that will cause a denial of service during a line-number increment attempt...

CVE-2020-12651

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INTMAX...

ALPINE-CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read...

UBUNTU-CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read...

DEBIAN-CVE-2018-20535

There is a use-after-free at asm/preproc.c function ppgetline in Netwide Assembler NASM 2.14rc16 that will cause a denial of service during a line-number increment attempt...

UBUNTU-CVE-2018-20535

There is a use-after-free at asm/preproc.c function ppgetline in Netwide Assembler NASM 2.14rc16 that will cause a denial of service during a line-number increment attempt...

radare2 denial of service vulnerability (CNVD-2018-13276)

radare2 is a set of libraries and tools for working with binary files. A security vulnerability in the 'rbinjavaannotationnew' function in the shlr/java/class.c file in radare2 version 2.7.0 stems from a lack of input validation in the rbinjavalinenumbertable missing input validation in attrnew. ...

UBUNTU-CVE-2018-14017

The rbinjavaannotationnew function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted .class file because of missing input validation in rbinjavalinenumbertableattrnew...

DFD Cart 1.1 - Multiple Remote File Inclusion Vulnerabilities

No description provided by source. DFD Cart 1.1 Multiple Remote File Inclusion Vulnerabilities Vulnerability Type: Remote File Inclusion Vulnerable file: /dfdcart/app.lib/product.control/core.php/product.control.config.php Exploit URL:...

openSUSE Security Update : icinga (openSUSE-SU-2014:0069-1)

imported upstream version 1.10.2 - includes fix for possible denial of service in CGI executables: CVE-2013-7108 bnc856837 - core: Add an Icinga syntax plugin for Vim 4150 - LE/MF - core: Document dropped options logexternalcommandsuser and eventprofilingenabled 4957 - BA - core: type in spec...

XSS in Issue Collector

Hi Atlassian! There is a XSS vulnerability in the issue collector: File: /atlassian-jira-5.1.8-source/jira-issue-collector-plugin/src/main/resources/templates/view-collector.vm Line 82: $issue.summary Anonymous users can inject JS in the issue summary which usually will be executed by users with...

BigACE 2.4 - Multiple Remote File Inclusions

BigACE 2.4 - Multiple Remote File Inclusions / \ @ /|\ /|\ |-| / | \ /|/\ / | \ @ | |--------------------/--|-voV---|'/--Vov-|-----------------------|-| |-| '^ o o '^ | | | | \Y/' |-| |-| | | | | -=ShAd0w-CrEw=- |-| |-| | | | | |-| ||| | @ l /\ / \ /\ l |-| l / V \ \ V \ l @ l/ \I \ /'...

BIGACE 2.4 Multiple Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ========================================================= BIGACE 2.4 Multiple Remote File Inclusion Vulnerabilities ========================================================= / \ @ /|\ /|\ |-| / | \ /|/\ / | \ @ |...

bigace-rfi.txt

/ \ @ /|\ /|\ |-| / | \ /|/\ / | \ @ | |--------------------/--|-voV---|'/--Vov-|-----------------------|-| |-| '^ o o '^ | | | | \Y/' |-| |-| | | | | -=ShAd0w-CrEw=- |-| |-| | | | | |-| ||| | @ l /\ / \ /\ l |-| l / V \ \ V \ l @ l/ \I \ /' ---------------------------------------------- GrEeTs...